Method and apparatus for automated SSD updates on an a-key entry in a mobile telephone system
First Claim
Patent Images
1. A method for sending an updated Authentication-Key (A-Key) value in a cellular telephone system, comprising the steps, performed by a processor of an Authentication Center (AC) portion of the system, of:
- finding that an authentication with a first A-Key has failed for a handset in the system;
determining whether the system is configured to allow automated A-Key updating for the Mobile Switching Center/Vistor Location Register (MSC/VLR) associated with the handset;
obtaining an alternate A-Key value if the result of the determining step is true;
generating Shared Secret Data (SSD) using the alternate A-Key if the result of the determining step is true; and
performing an SSD update by sending an SSD update message to the MSC/VLR associated with the handset if the result of the determining step is true.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for allowing an Authentication Center (AC) to configure whether or not to perform automated A-key updating for a handset if an authentication failure occurs during an operation attempted by the handset. The AC has access to a Subscriber database describing, among other things, an “alternate A-key” for at least some of the subscribers. The AC also has access to database that contains configuration information about various MSCs in the system.
-
Citations
16 Claims
-
1. A method for sending an updated Authentication-Key (A-Key) value in a cellular telephone system, comprising the steps, performed by a processor of an Authentication Center (AC) portion of the system, of:
-
finding that an authentication with a first A-Key has failed for a handset in the system;
determining whether the system is configured to allow automated A-Key updating for the Mobile Switching Center/Vistor Location Register (MSC/VLR) associated with the handset;
obtaining an alternate A-Key value if the result of the determining step is true;
generating Shared Secret Data (SSD) using the alternate A-Key if the result of the determining step is true; and
performing an SSD update by sending an SSD update message to the MSC/VLR associated with the handset if the result of the determining step is true. - View Dependent Claims (2, 3, 4, 5, 6, 7, 16)
determining, when the SSD update is unsuccessful, that the A-Key in the handset is not the reason for the authentication failure; and
determining, when the SSD update is successful, that the A-Key in the handset was the reason for the authentication failure.
-
-
3. The method of claim 1, wherein the step of determining that an authentication failure has occurred for a handset in the system includes detecting at least one authentication failure from a group including:
- a unique challenge failure, an SSD update failure, and an AUTHU mismatch.
-
4. The method of claim 1, wherein the step of determining whether the system is configured to allow automated A-Key updating for the MSCNLR associated with the handset includes checking a system-wide flag to determine whether automated A-Key updating is allowed.
-
5. The method of claim 1, wherein the step of determining whether the system is configured to allow automated A-Key updating for the MSCNLR associated with the handset includes checking a flag for the MSCNLR to determine whether automated A-Key updating is allowed for the MSCNLR.
-
6. The method of claim 1, wherein the step of obtaining an alternate A-Key value includes the step of obtaining an alternate A-Key value from a Subscriber database for a subscriber associated with the handset.
-
7. The method of claim 1, wherein the step of obtaining an alternate A-Key value includes the step of obtaining an alternate A-Key value from an A-Key provisioning subsystem in the cellular telephone system.
-
16. The method of claim 1, wherein computer program instructions for performing the method steps are tangibly embodied on a computer readable medium.
-
8. An Authentication Center (AC) apparatus for sending an updated Authentication-Key (A-Key) value in a cellular telephone system, comprising:
-
a portion configured to find whether an authentication with a first A-Key has failed for a handset in the system;
a portion configured to determine whether the system is configured to allow automated A-Key updating for the Mobile Switching Center/Visitor Location Register (MSC/VLR) associated with the handset;
a portion configured to obtain an alternate A-Key value if the result of the determining portion is true;
a portion configured to generate Shared Secret Data (SSD) data using the alternate A-Key if the result of the determining portion is true; and
a portion configured to perform an SSD update by sending an SSD update message to the MSC/VLR associated with the handset if the result of the determining portion is true. - View Dependent Claims (9, 10, 11, 12, 13, 14)
a portion configured to determine, when the SSD update is unsuccessful, that the A-Key in the handset is not the reason for the authentication failure; and
a portion configured to determine, when the SSD update is successful, that the A-Key in the handset was the reason for the authentication failure.
-
-
10. The apparatus of claim 8, wherein the portion configured to determine that an authentication failure has occurred, includes detecting at least one authentication failure from a group including:
- a unique challenge failure, an SSD update failure, and an AUTHU mismatch.
-
11. The apparatus of claim 8, wherein the portion configured to determine whether the system is configured to allow automated A-Key updating for the MSC/VLR associated with the handset includes a portion configured to check a system-wide flag to determine whether automated A-Key updating is allowed.
-
12. The apparatus of claim 8, wherein the portion configured to determine whether the system is configured to allow automated A-Key updating for the MSC/VLR associated with the handset includes a portion configured to check a flag for the MSC/VLR to determine whether automated A-Key updating is allowed for the MSC/VLR.
-
13. The apparatus of claim 8, wherein the portion configured to obtain an alternate A-Key value includes a portion configured to obtain an alternate A-Key value from a Subscriber database for a subscriber associated with the handset.
-
14. The apparatus of claim 8, wherein the portion configured to obtain an alternate A-Key value includes a portion configured to obtain an alternate A-Key value from an A-Key provisioning subsystem in the cellular telephone system.
-
15. A computer program product comprising:
-
a computer usable medium having computer readable code embodied therein for updating an Authentication-Key (A-Key) value in a cellular telephone system, the computer program product including;
computer readable program code devices configured to cause a data processor to effect finding whether an authentication with a first A-Key has failed for a handset in the system;
computer readable program code devices configured to cause a data processor to effect determining whether the system is configured to allow automated A-Key updating for the Mobile Switching Center/Vistor Location Register (MSC/VLR) associated with the handset;
computer readable program code devices configured to cause a data processor to effect obtaining an alternate A-Key value if it is determined that the system is configured to allow automated A-Key updating;
computer readable program code devices configured to cause a data processor to effect generating Shared Secret Data (SSD) using the alternate AKey; and
computer readable program code devices configured to cause a data processor to effect performing an SSD update by sending an SSD update message to the MSC/VLR associated with the handset if authentication with the first A-Key failed.
-
Specification