Personal station authentication system and authentication method

US 6,134,431 A
Filed: 10/06/1997
Issued: 10/17/2000
Est. Priority Date: 10/07/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A radio communication exchange system managing a closed service area, and comprising at least one cell station for communicating with each of a plurality of personal stations entering said closed service area by a radio line and an exchange connected to said cell station, in which:

each of said plurality of personal stations includes identification information storing means for storing predetermined identification information of said each personal station, and private key storing means for storing a private key defined inherent to said each personal station in a public key cryptosystem,said exchange includes public key requesting means by which, when a personal station enters said closed service area, a public key management device for storing and managing a public key as a counterpart key of a private key in said public key cryptosystem in association with said identification information of each of said plurality of personal stations is requested for a public key of said personal station thus entering, and receiving means for receiving said public key of said entering personal station from said public key management device, andinformation obtained by enciphering or deciphering information for authentication based on said public key received by said exchange and said private key stored in said entering personal station is transferred between said exchange and said entering personal, and said exchange authenticates said entering personal station by making, on the basis of said transferred information, judgement as to consistency between said public key received by said exchange and said private key stored in said entering personal station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A public key cryptosystem is used for the authentication of a personal station (PS) which subscribes for a plurality of radio communication exchange systems. A public key of PS is registered into a public key DB of a public key management device. A private key is registered into PS. When PS moves into a service area of a certain radio communication exchange system, an exchange in that radio communication exchange system requests the public key management device for a public key of PS and makes a check for authentication of PS based on the public key cryptosystem by use of the received public key. Thereafter, when PS moves into a service area of another radio communication exchange system, an exchange in the other radio communication exchange system similarly requests the public key management device for a public key of PS and receives the same public key. The exchange in the other radio communication exchange system makes a check for authentication of PS based on the public key cryptosystem by use of the received public key. In the case where the authentication between each radio communication exchange system and PS results in success, each radio communication exchange system can determine a peculiar authentication key to inform PS of the peculiar authentication key so that the authentication of PS from that time onward is performed using the peculiar authentication key.

Citations

24 Claims

1. A radio communication exchange system managing a closed service area, and comprising at least one cell station for communicating with each of a plurality of personal stations entering said closed service area by a radio line and an exchange connected to said cell station, in which:
- each of said plurality of personal stations includes identification information storing means for storing predetermined identification information of said each personal station, and private key storing means for storing a private key defined inherent to said each personal station in a public key cryptosystem,said exchange includes public key requesting means by which, when a personal station enters said closed service area, a public key management device for storing and managing a public key as a counterpart key of a private key in said public key cryptosystem in association with said identification information of each of said plurality of personal stations is requested for a public key of said personal station thus entering, and receiving means for receiving said public key of said entering personal station from said public key management device, andinformation obtained by enciphering or deciphering information for authentication based on said public key received by said exchange and said private key stored in said entering personal station is transferred between said exchange and said entering personal, and said exchange authenticates said entering personal station by making, on the basis of said transferred information, judgement as to consistency between said public key received by said exchange and said private key stored in said entering personal station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 23)
- - 2. A radio communication exchange system according to claim 1, wherein:
    - said exchange further includes authentication means for generating a random number as said information for authentication and transmitting the generated random number to said entering personal station,each of said plurality of personal stations further includes processing means for enciphering the random number transmitted from said exchange on the basis of said public key cryptosystem by use of the private key stored in said private key storing means and transmitting the enciphered random number as the result of operation to said exchange, andsaid authentication means deciphers the enciphered random number transmitted from said entering personal station on the basis of said public key cryptosystem by use of a personal key corresponding to said entering public station and authenticates said entering personal station when the deciphered random number corresponds to the generated random number.
  - 3. A radio communication exchange system according to claim 1, wherein:
    - said exchange further includes authentication means for generating a random number as said information for authentication, enciphering the generated random number on the basis of said public key cryptosystem by use of a public key corresponding to said entering personal station and transmitting the enciphered random number to said entering personal station,each of said plurality of personal stations further includes processing means for deciphering the enciphered random number transmitted from said exchange on the basis of said public key cryptosystem by use of the private key stored in said private key storing means and transmitting the deciphered random number as the result of operation to said exchange, andsaid authentication means authenticates said entering personal station when the deciphered random number transmitted from said personal station to be authenticated corresponds to the generated random number.
  - 4. A radio communication exchange system according to claim 3, wherein said authentication means performs the encipherment of the random number for each of said plurality of personal stations in advance, and having storing means for storing the enciphered random number in association with the identification information of each of said plurality of personal stations.
  - 5. A radio communication exchange system according to claim 2, wherein:
    - said authentication means generates, after the authentication of said entering personal station, a peculiar key for said personal station on the basis of a predetermined common key cryptosystem, stores said peculiar key in association with the identification information of said entering personal station, enciphers said peculiar key on the basis of said public key cryptosystem by use of the public key corresponding to said entering personal station, transmits the enciphered peculiar key to said entering personal station, and performs the authentication of said entering personal station from that time onward on the basis of said common key cryptosystem by use of said peculiar key through communication with said entering personal station, andsaid processing means deciphers the enciphered peculiar key transmitted from said authentication means on the basis of said public key cryptosystem by use of the private key stored in said private key storing means, stores the deciphered peculiar key into said private key storing means, and performs an operation for authentication of said entering personal station through communication with said exchange on the basis of said common key cryptosystem by use of the peculiar key stored in said private key storing means.
  - 6. A radio communication exchange system according to claim 3, wherein:
    - said authentication means generates, after the authentication of said entering personal station, a peculiar key for said entering personal station on the basis of a predetermined common key cryptosystem, stores said peculiar key in association with the identification information of said personal station, enciphers said peculiar key on the basis of said public key cryptosystem by use of the public key corresponding to said entering personal station, transmits the enciphered peculiar key to said entering personal station, and performs the authentication of said entering personal station from that time onward on the basis of said common key cryptosystem by use of said peculiar key through communication with said entering personal station, andsaid processing means deciphers the enciphered peculiar key transmitted from said authentication means on the basis of said public key cryptosystem by use of the private key stored in said private key storing means, stores the deciphered peculiar key into said private key storing means, and performs an operation for authentication of said entering personal station through communication with said exchange on the basis of said common key cryptosystem by use of the peculiar key stored in said private key storing means.
  - 7. A radio communication exchange system according to claim 1, wherein:
    - said exchange further includes authentication means for generating a peculiar key for said entering personal station on the basis of a predetermined common key cryptosystem, enciphering the generated peculiar key on the basis of said public key cryptosystem by use of the public key corresponding to said entering personal station, and transmitting the enciphered peculiar key and a generated random number to said entering personal station,each of said plurality of personal stations further includes processing means for deciphering the enciphered peculiar key transmitted from said exchange on the basis of said public key cryptosystem by use of the private key stored in said private key storing means, enciphering said random number on the basis of said common key cryptosystem by use of the deciphered peculiar key, and transmitting the enciphered random number as the result of operation to said exchange, andsaid authentication means authenticates said entering personal station when the enciphered random number transmitted from said entering personal station corresponds to a random number obtained by enciphering said generated random number on the basis of said common key cryptosystem by use of said peculiar key.
  - 8. A radio communication exchange system according to claim 1, wherein said exchange further includes storing means in which said public key received by said receiving means corresponding to said identification information is stored in association with said identification information, and said exchange performs said authentication by referring to said storing means to acquire said public key corresponding to said identification information.
  - 23. A radio communication exchange system according to claim 1, wherein said public key management device comprises:
    - storing means for storing a public key in association with predetermined identification information of each of said plurality of personal stations; and
      
      transmitting means for making, when a request for a public key corresponding to the identification information of each of said plurality of personal stations, a search of said storing means to acquire a public key corresponding to said identification information and transmitting the acquired public key to said exchange.

9. An exchange in a radio communication exchange system managing a closed service area, and comprising a cell station connected to said exchange for communicating with each of a plurality of personal stations entering said closed service area by a radio line, and a public key management device for managing a predetermined public key in association with predetermined identification information of each of said plurality of personal stations, each of said plurality of personal stations storing a private key, said exchange comprising:
- public key requesting means responsive to entrance of a personal station within said closed service area, for requesting said public key management device for a public key corresponding to identification information of said personal station thus entering; and
  
  receiving means for receiving said public key transmitted from said public key management device,in which information obtained by enciphering or deciphering information for authentication on the basis of said public key received by said exchange and said private key stored in said entering personal station is transferred between said exchange and said entering personal station, and said exchange authenticates said entering personal station by making, on the basis of said transferred information, judgement as to consistency between said public key received by said exchange and said private key stored in said entering personal station.

10. A public key management device in a radio communication exchange system managing a closed service area, and comprising an exchange connected to a cell station for communicating with each of a plurality of personal stations entering said closed service area by a radio line, said public key management device comprising:
- storing means for storing a predetermined public key in association with predetermined identification information of each of said plurality of personal stations; and
  
  transmitting means for making, when a request for a public key corresponding to the identification information of each of said plurality of personal stations, a search of said storing means to acquire a public key corresponding to said identification information and transmitting the acquired public key.

11. A personal station in a radio communication exchange system managing a closed service area, and comprising a cell station for communicating with said personal station by a radio line when said personal station enters said closed service area, and an exchange connected to said cell station, said personal station comprising:
- private key storing means for storing a private key of said personal station corresponding to a counterpart public key held in said exchange;
  
  processing means for performing authentication of said personal station on the basis of a predetermined public key cryptosystem by use of said private key stored in said private key storing means; and
  
  communicating means for communicating with said exchange to transfer therebetween information obtained by enciphering or deciphering information for authentication on the basis of said public key held in said exchange and said private key stored in said personal station.

12. A personal station authentication method in an exchange in a radio communication exchange system managing a closed service area and a plurality of personal stations, and comprising a cell station for communicating with each of said plurality of personal stations entering said closed service area by a radio line, an exchange connected to said cell station, and a public key management device for managing a predetermined public key in association with predetermined identification information of each of said plurality of personal stations, each of said plurality of personal stations storing a private key, said method comprising the steps of:
- requesting, when a personal station enters said closed service area, said public key management device for a public key corresponding to said identification information of said personal station thus entering;
  
  receiving said public key transmitted from said public key management device to said exchange;
  
  transferring information between said exchange and said entering personal station, which information is obtained by enciphering or deciphering information for authentication on the basis of said public key received by said exchange and said private key stored in said entering personal station; and
  
  making, on the basis of said transferred information, judgement as to consistency between said public key received by said exchange and said private key stored in said entering personal station to authenticate said entering personal station.

13. An authentication system for personal station authentication performed between a plurality of personal stations and at least one radio communication exchange system managing a respective closed service area, in which:
- each of said plurality of personal stations includes identification information storing means for storing predetermined identification information of said each personal station, and private key storing means for storing a private key defined inherent to said each personal station in a public key cryptosystem,said authentication system includes a public key management device for storing and managing a public key as a counterpart key of a private key in said public key cryptosystem in association with each of said plurality of personal stations,said radio communication system includes at least one cell station for communicating with each of said plurality of personal stations entering said closed service area by a radio line and an exchange connected to said cell station, andwhen a personal station enters said closed service area, said exchange transmits information for authentication to said personal station thus entering, said entering personal station performs an authentication operation on the basis of said private key stored in said entering personal station and transmits a result of said authentication operation to said exchange, and said exchange judges validity of the received result to authenticate registration of said entering personal station on the basis of consistency between said public key received by said exchange and said private key stored in said entering personal station.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 24)
- - 14. An authentication system according to claim 13, wherein said information for authentication includes a random number generated by said exchange, and said entering personal station enciphers the generated random number on the basis of said public key cryptosystem by use of said private key and transmits the enciphered random number to said exchange, and said exchange performs the authentication by judging whether the enciphered random number received from said entering personal station coincides with the result of the encipherment of the generated random number which is made in said exchange on the basis of said public key cryptosystem by use of said public key.
  - 15. An authentication system according to claim 13, wherein said information for authentication includes a random number enciphered in said exchange on the basis of said public key cryptosystem by use of said public key, andsaid entering personal station deciphers the enciphered random number on the basis of said public key cryptosystem by use of said private key and transmits the deciphered random number to said exchange, and said exchange performs the authentication by judging whether said deciphered random number received from said entering personal station coincides with said random number.
  - 16. An authentication system according to claim 13, wherein said information for authentication includes a random number and a peculiar key enciphered in said exchange on the basis of said public key cryptosystem by use of said public key, andsaid entering personal station deciphers the enciphered peculiar key on the basis of said public key cryptosystem by use of said private key, enciphers the random number on the basis of a predetermined common key cryptosystem by use of the deciphered peculiar key and transmits the enciphered random number to said exchange, and said exchange performs the authentication by judging whether said enciphered random number received from said entering personal station to be authenticated coincides with the result of the encipherment of said random number which is made in said exchange on the basis of said common key cryptosystem by use of said peculiar key.
  - 17. An authentication system according to claim 13, wherein after the authentication in said exchange using said public key, said exchange enciphers a peculiar key for use based on a common key cryptosystem in accordance with said public key cryptosystem by use of said public key and transmits a random number and the enciphered peculiar key to said entering personal station, said entering personal station deciphers said enciphered peculiar key on the basis of said public key cryptosystem by use of said private key, enciphers said random number on the basis of said predetermined common key cryptosystem by use of the deciphered peculiar key and transmits the enciphered random number to said exchange, and said exchange performs the authentication by judging whether said enciphered random number received from said entering personal station coincides with the result of the encipherment of said random number which is made in said exchange on the basis of said common key cryptosystem by use of said peculiar key.
  - 18. An authentication system according to claim 16, wherein first and second radio communication exchange systems each managing respectively first and second closed service areas are provided as said at least one radio communication exchange system,said entering personal station has a peculiar key storing means at which said peculiar key is to be stored, and said entering personal station stores a peculiar key of said first radio communication exchange system at said peculiar key storing position when said entering personal station enters said first closed service area and is authenticated by said first radio communication exchange system, and said entering personal station stores a peculiar key of said second radio communication exchange system at said peculiar key storing position when said entering personal station moves from said first closed service area to said second closed service area and is authenticated by said second radio communication exchange system.
  - 19. An authentication system according to claim 17, wherein said at least one radio communication exchange system includes first and second radio communication exchange systems,said entering personal station has a peculiar key storing position at which said peculiar key is to be stored, andsaid entering personal station stores a peculiar key of said first radio communication exchange system at said peculiar key storing position when said entering personal station is authenticated by said first radio communication exchange system and stores a peculiar key of said second radio communication exchange system at said peculiar key storing position when said entering personal station moves to said second radio communication exchange system and is authenticated by said radio communication exchange system.
  - 20. An authentication system according to claim 13, wherein said exchange comprises:
    - public key requesting means responsive to entrance of a personal station within said closed service area, for requesting said public key management device for a public key corresponding to identification information of said personal station thus entering; and
      
      receiving means for receiving said public key transmitted from said public key management device, in which information obtained by enciphering or deciphering information for authentication on the basis of said public key received by said exchange and said private key stored in said entering personal station is transferred between said exchange and said entering personal station, and said exchange authenticates said entering personal station by making, on the basis of said transferred information, judgement as to consistency between said public key received by said exchange and said private key stored in said entering personal station.
  - 21. An authentication system according to claim 20, wherein said public key management device comprises:
    - storing means for storing a public key in association with predetermined identification information of each of said plurality of personal stations; and
      
      transmitting means for making, when a request for a public key corresponding to the identification information of each of said plurality of personal stations, a search of said storing means to acquire a public key corresponding to said identification information and transmitting the acquired public key to said exchange.
  - 22. An authentication system according to claim 20, wherein said entering personal station comprises:
    - private key storing means for storing a private key of said entering personal station corresponding to a counterpart public key held in said exchange;
      
      processing means for performing authentication of said entering personal station on the basis of a predetermined public key cryptosystem by use of said private key stored in said private key storing means; and
      
      communicating means for communicating with said exchange to transfer therebetween information obtained by enciphering or deciphering information for authentication on the basis of said public key held in said exchange and said private key stored in said entering personal station.
  - 24. An authentication system according to claim 20, wherein said entering personal station further comprises communicating means for communicating with said exchange to transfer therebetween information obtained by enciphering or deciphering information for authentication on the basis of said public key held in said exchange and said private key stored in said entering personal station.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Matsumoto, Norihisa, Tanaka, Kazuhisa, Hayashi, Masato, Matsui, Susumu
Primary Examiner(s)
Hunter, Daniel S.
Assistant Examiner(s)
Corsaro, Nick

Application Number

US08/943,221
Time in Patent Office

1,107 Days
Field of Search

380/21, 380/23, 380/25, 380/49, 380/30, 455/410, 455/411, 455/424, 455/433, 455/435
US Class Current

455/411
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/083   involving central third par...

H04L 9/3271   using challenge-response

H04W 84/16   WPBX [Wireless Private Bran...

Personal station authentication system and authentication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Personal station authentication system and authentication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links