Subscriber authentication in a mobile communications system
Abstract
An authentication procedure in a Global System for Mobile Communications (GSM)-based mobile communications system relies on a challenge and response principle. A 32-bit Signed Response (SRES) parameter is calculated by an A3 algorithm from a 128-bit random number (RAND) and a 128-bit authentication key Ki in a mobile station, and in an authentication center, and the SRES values are compared. A Cellular Authentication and Voice Encryption (CAVE) algorithm having a 152-bit input parameter and an 18-bit output parameter is employed as the A3 algorithm. Parameter adaptation functions are provided between the input parameter of the CAVE algorithm and the GSM-type input parameters, namely the random number RAND and the authentication key Ki, as well as between the output parameter of the CAVE algorithm and the GSM output parameter, namely the signed response SRES.
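The data flow described in the abstract, as an added sketch that is not code from the patent: two adaptation functions wrap a 152-bit-in, 18-bit-out response algorithm so that it fits the GSM interface of 128-bit Ki, 128-bit RAND and 32-bit SRES. The XOR-fold and zero-extension mappings, the SHA-256 stand-in for CAVE and all function names are assumptions; this section does not give the patent's actual mappings.

```python
import hashlib
import hmac

CAVE_IN_BITS, CAVE_OUT_BITS, SRES_BITS = 152, 18, 32

def adapt_input(ki: bytes, rand: bytes) -> bytes:
    """First adaptation unit: 128-bit Ki + 128-bit RAND -> one 152-bit input.
    Assumed mapping (XOR-fold); the patent's own mapping is not shown here."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must each be 128 bits")
    folded = bytearray(CAVE_IN_BITS // 8)
    for i, byte in enumerate(ki + rand):
        folded[i % len(folded)] ^= byte
    return bytes(folded)

def response_algorithm(block: bytes) -> int:
    """Stand-in for CAVE, NOT the real algorithm: 152 bits in, 18 bits out."""
    if len(block) * 8 != CAVE_IN_BITS:
        raise ValueError("expected a 152-bit input")
    digest = hashlib.sha256(block).digest()
    return int.from_bytes(digest[:3], "big") >> (24 - CAVE_OUT_BITS)

def adapt_output(resp: int) -> bytes:
    """Second adaptation unit: 18-bit response -> 32-bit SRES field.
    Assumed mapping: zero-extension."""
    if not 0 <= resp < (1 << CAVE_OUT_BITS):
        raise ValueError("response exceeds 18 bits")
    return resp.to_bytes(SRES_BITS // 8, "big")

def compute_sres(ki: bytes, rand: bytes) -> bytes:
    """Run identically in the mobile station and the authentication center."""
    return adapt_output(response_algorithm(adapt_input(ki, rand)))

def network_accepts(ki: bytes, rand: bytes, sres_from_ms: bytes) -> bool:
    """Compare the station's SRES with the center's, in constant time."""
    return hmac.compare_digest(compute_sres(ki, rand), sres_from_ms)

def constant_sres_bits(ki: bytes, challenges: int = 2000) -> int:
    """Count SRES bit positions that stay zero across many challenges."""
    seen = 0
    for n in range(challenges):
        seen |= int.from_bytes(compute_sres(ki, n.to_bytes(16, "big")), "big")
    return SRES_BITS - bin(seen).count("1")

if __name__ == "__main__":
    ki = bytes(range(16))                  # constructed test key
    rand = bytes.fromhex("a5" * 16)        # constructed challenge
    sres = compute_sres(ki, rand)
    print(sres.hex(), network_accepts(ki, rand, sres), constant_sres_bits(ki))
```

Under the assumed zero-extension, 14 of the 32 SRES bits never change, so the field carries at most 18 bits of response; any deterministic second adaptation has the same bound of 2^18 distinct SRES values.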
3 Claims
1. An authentication center for a mobile communications network, comprising
a database storing an authentication key for each subscriber of said mobile communications network as a first input parameter for calculation of a ciphering key and an authentication response parameter in a first format required by a given first authentication procedure,
a source for providing a random number as a second input parameter for calculation of said ciphering key and said authentication response parameter in said first format,
an encryption key calculation unit arranged for having an authentication key provided from said database and a random number provided from said source of random numbers, respectively as first and second input parameters thereto, and for outputting a ciphering key which is in said first format,
an authentication response parameter-calculation unit requiring a single input parameter for outputting an authentication response parameter which is in a second format which is different from said first format,
a first adaptation unit responsive to input thereto of an authentication key from said database and a random number from said source, as input parameters, for providing said single input parameter to said authentication response parameter-calculation unit, and
a second adaptation unit responsive to input thereto of said authentication response parameter outputted by said authentication response parameter-calculation unit, for providing said authentication response parameter according to said first authentication procedure.

2. An authentication parameter processing unit in a mobile station, comprising
a memory storing an authentication key for a mobile subscriber using said mobile station as a first input parameter for calculation of a ciphering key and an authentication response parameter in a first format required by a given, first authentication procedure,
a source for providing a random number as a second input parameter for calculation of said ciphering key and said authentication response parameter in said first format,
an encryption key calculation unit arranged for having an authentication key provided from said database and a random number provided from said source of random numbers, respectively as first and second input parameters thereto, and for outputting a ciphering key which is in said first format,
an authentication response parameter calculation unit requiring a single input parameter for outputting an authentication response parameter which is in a second format which is different from said first format,
a first adaptation unit responsive to input thereto of an authentication key from said database and a random number from said source, as input parameters, for providing said single input parameter to said authentication response parameter-calculation unit, and
a second adaptation unit responsive to input thereto of said authentication response parameter outputted by said authentication response parameter-calculation unit, for providing said authentication response parameter according to said first authentication procedure.

3. An authentication method for a mobile communications network, a given authentication procedure having a given authentication response format comprising the steps of:
providing an authentication key compatible with a given first authentication response-calculation method but incompatible with a second authentication response-calculation method, for each subscriber of said mobile communications network,
generating a random number compatible with said first authentication response-calculation method but incompatible with said second authentication response-calculation method,
deriving an input parameter compatible with said second authentication response calculation method from said authentication key and said random number,
calculating, by using said second authentication response-calculation method, an authentication response having a format which is incompatible with said given authentication response format of said given authentication procedure utilized in said mobile communications network,
modifying said authentication response into modified authentication response having a format compatible with said given authentication response format of said given authentication procedure, and
transferring and storing said modified authentication response in said mobile communications network.

Specification