Secure authentication-key management system and method for mobile communications
First Claim
1. A method for authenticating a first mobile station comprising the steps of:
- receiving an authentication request in a secure authentication center (SAC), said authentication request including a first authentication signal generated by the first mobile station;
- transmitting a request signal from said SAC to a secure authentication-key management system (SAMS), said request signal identifying the first mobile station;
- generating a response signal in the SAMS, said response signal generated using authentication information signals not available to the SAC;
- transmitting said response signal from said SAMS to said SAC;
- generating a second authentication signal using said response signal and additional non-sensitive authentication information signals;
- comparing said first authentication signal and said second authentication signal;
- generating an authentication result signal in response to said comparing step, said authentication result identifying whether the mobile station has been successfully authenticated.
Abstract
A system and method for keeping sensitive authentication information under the control of the service provider and transmitting only non-sensitive authentication information to the AC; for providing a secure technique for generating sensitive authentication information and for securely transmitting it to, and storing it in, the mobile system (MS) and a storage device controlled by the service provider; and for enabling a mobile station to utilize features supported by the visited system even if the MS home system does not support the feature. The present invention utilizes a secure authentication center (SAC) and a secure A-key management system (SAMS) to perform authentication. The SAC can be positioned locally in a home system, or it can be centrally located, for example, between systems. The SAC can be connected to many SAMSs. Each SAMS stores sensitive authentication information for a group of MSs. During authentication, the SAC sends a request signal to the appropriate SAMS, which generates a unique signal based upon the secret authentication data and other data stored therein. The sensitive authentication data itself is never sent to the SAC. The SAC performs authentication using the unique signal transmitted by the SAMS.
35 Claims
2. A system for generating a shared data signal for use in authenticating a first mobile station comprising:
- a first device, having a memory module, said memory module having a first secret data signal stored therein, said first device receiving a data request signal representing a request for the shared data signal to be used for authenticating the first mobile station, generating the shared data signal using said first secret data in response to said data request signal, transmitting said shared data signal, wherein said first secret data signal is stored only in said first device and the first mobile station.
Dependent claims: 3 to 15.
16. A system for authenticating a first mobile station comprising:
- an authentication unit, disposed to communicate with the first mobile station, for authenticating said first mobile station; and
- a first device, having a memory module, said memory module having a first secret data signal stored therein, said first device receiving a data request signal representing a request for a shared data signal to be used for authenticating the first mobile station, generating a shared data signal using said first secret data in response to said data request signal, transmitting said shared data signal, wherein said first secret data signal is not available to said authentication unit.
Dependent claims: 17 to 28.
29. A method for generating a shared data signal in a first device having a memory module having a first secret data signal stored therein, for authenticating a first mobile station comprising the steps of:
- receiving a data request signal representing a request for a shared data signal to be used for authenticating the first mobile station;
- generating a shared data signal using a first secret data in response to said data request signal; and
- transmitting said shared data signal, wherein said first secret data signal is stored only in said first device and the first mobile station.
Dependent claims: 30 to 35.
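As an added illustration (not code from the patent or its assignee), the following Python simulation walks through the claim 1 and claim 29 flow: the SAMS derives the shared data signal from the A-key that only it and the mobile station hold, the SAC combines that response with non-sensitive data and the challenge to form the second authentication signal, and the A-key is never present in the SAC. HMAC-SHA256 stands in for the derivation functions, which this page does not specify; the ESN as the non-sensitive datum, the "other data" random value, and all sample values are constructed assumptions.

```python
import hmac
import hashlib


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed derivation; a stand-in for the patent's unspecified functions."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class SAMS:
    """Stores the first secret data signal (A-key) plus other per-MS data.
    Only the derived shared data signal ever leaves this device."""
    def __init__(self, records: dict):
        self._records = records          # ms_id -> (akey, other stored data)

    def response(self, ms_id: str) -> bytes:
        akey, other = self._records[ms_id]
        return prf(akey, b"SSD", ms_id.encode(), other)


class MobileStation:
    """Holds the same A-key and other data, so it derives the same shared data."""
    def __init__(self, ms_id: str, akey: bytes, esn: bytes, other: bytes):
        self.esn = esn
        self._shared = prf(akey, b"SSD", ms_id.encode(), other)

    def auth_signal(self, rand: bytes) -> bytes:
        return prf(self._shared, b"AUTH", rand, self.esn)   # first authentication signal


class SAC:
    """Sees only non-sensitive data (assumed: the ESN) and the SAMS response."""
    def __init__(self, sams: SAMS, esns: dict):
        self.sams, self.esns = sams, esns

    def authenticate(self, ms_id: str, rand: bytes, first_signal: bytes) -> bool:
        shared = self.sams.response(ms_id)                   # request / response signals
        second_signal = prf(shared, b"AUTH", rand, self.esns[ms_id])
        return hmac.compare_digest(first_signal, second_signal)  # authentication result


# Constructed sample data, not taken from the patent.
AKEY = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER = b"\x01" * 8          # "other data stored therein", provisioned to both sides
ESN = b"esn-0001"


def demo(akey_on_phone: bytes = AKEY) -> bool:
    sac = SAC(SAMS({"ms1": (AKEY, OTHER)}), esns={"ms1": ESN})
    ms = MobileStation("ms1", akey_on_phone, ESN, OTHER)
    rand = b"\x42" * 4                                       # network challenge
    return sac.authenticate("ms1", rand, ms.auth_signal(rand))
```

A station provisioned with the right A-key is accepted, one with any other key is rejected, and the SAC object never holds an A-key field at all.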