Wireless subscription portability
Abstract
A short Personal Identification Number (PIN) is used to transfer a subscription for wireless service to a new wireless terminal, thereby providing enhanced personal mobility to the subscriber. The transfer is rendered secure by the exchange of Diffie-Hellman Encrypted Key Exchange (DH-EKE) messages.
27 Claims
1. A method for registering a wireless subscription to a wireless terminal, the method comprising the steps of:
a) entering a user identifier and a password into the wireless terminal;
b) at the wireless terminal:
i) generating a public/private key pair;
ii) using the password to encrypt the wireless terminal's public key according to a secure key exchange (SKE) protocol, thereby forming a first SKE message; and
iii) transmitting the user identifier and the first SKE message to a home system;
c) at the home system:
i) generating a public/private key pair;
ii) using the user identifier to determine the password;
iii) using the password to encrypt the home system's public key according to an SKE protocol, thereby forming a second SKE message;
iv) transmitting the second SKE message to the wireless terminal;
v) using the password to decrypt the wireless terminal's public key; and
vi) using the home system's private key and the wireless terminal's public key to form a session key;
d) at the wireless terminal:
i) using the password to decrypt the home system's public key; and
ii) using the wireless terminal's private key and the home system's public key to form the session key; and
e) at both the wireless terminal and at the home system, using the session key to download all or part of a Virtual User Identification Module (VUIM) from the home system to the wireless terminal.
a) transmitting the SKE messages from the source to an intermediate serving system; and
b) transmitting the SKE messages from the intermediate serving system to the destination.

5. The method of claim 4, further comprising the steps of:
a) using a first portion of the session key as an authentication key in subsequent authentications of the wireless terminal in the intermediate serving system; and
b) using a second portion of the session key as an encryption key in subsequent control signal transmissions.

6. The method of claim 1, wherein:
a) the public/private key pairs comprise Diffie-Hellman public/private key pairs; and
b) the SKE messages comprise Diffie-Hellman Encrypted Key Exchange (DH-EKE) messages.

7. The method of claim 1, wherein:
a) the step of using the password to encrypt the wireless terminal's public key comprises the steps of:
i) first concatenating the wireless terminal's public key with a first random number, thereby forming a first concatenated number; and
ii) using the password to encrypt the first concatenated number; and
b) the step of using the password to encrypt the home system's public key comprises the steps of:
i) first concatenating the home system's public key with a second random number, thereby forming a second concatenated number; and
ii) using the password to encrypt the second concatenated number.

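The exchange of claims 1, 5 and 7 walked through end to end in Python, as an added example that is not part of the patent: each side encrypts a Diffie-Hellman public key (concatenated with a random number) under the shared password, both derive the session key, and the key is split into an authentication key and an encryption key. The toy group, the SHAKE-derived keystream standing in for the password cipher, the direction labels and the function names are constructed assumptions; a real EKE also needs a cipher whose wrong-password decryptions are indistinguishable from valid public keys.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (2**127 - 1 is
# prime); a real system uses a standard large safe-prime group.
P = (1 << 127) - 1
G = 5
KEY_BYTES = 16  # every element of the toy group fits in 16 bytes

def keypair():
    """Steps b-i / c-i: a fresh Diffie-Hellman public/private key pair."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)

def _keystream(password: bytes, label: bytes, n: int) -> bytes:
    # Keystream derived from the shared password alone, the only secret both
    # sides hold at this point; the label keeps the two directions distinct.
    return hashlib.shake_256(label + b"|" + password).digest(n)

def make_ske_message(password: bytes, label: bytes, pub: int) -> bytes:
    """Claim 7: concatenate the public key with a random number, then encrypt
    the concatenation under the password (DH-EKE style). A real EKE must also
    make wrong-password decryptions look like valid public keys; this toy
    does not attempt that."""
    plain = pub.to_bytes(KEY_BYTES, "big") + secrets.token_bytes(KEY_BYTES)
    return bytes(a ^ b for a, b in zip(plain, _keystream(password, label, len(plain))))

def open_ske_message(password: bytes, label: bytes, msg: bytes) -> int:
    """Steps c-v / d-i: decrypt an SKE message and drop the random number."""
    plain = bytes(a ^ b for a, b in zip(msg, _keystream(password, label, len(msg))))
    return int.from_bytes(plain[:KEY_BYTES], "big")

def session_key(priv: int, peer_pub: int) -> bytes:
    """Steps c-vi / d-ii: DH shared secret hashed into a 32-byte session key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(KEY_BYTES, "big")).digest()

def split_session_key(sk: bytes):
    """Claim 5: first portion -> authentication key, second -> encryption key."""
    return sk[:16], sk[16:]

def register(terminal_password: bytes, home_password: bytes):
    """Run the claim-1 exchange; home_password is what the home system looks up
    from the user identifier (step c-ii). Returns (terminal_key, home_key)."""
    t_priv, t_pub = keypair()                                           # b-i
    msg1 = make_ske_message(terminal_password, b"term->home", t_pub)    # b-ii
    h_priv, h_pub = keypair()                                           # c-i
    msg2 = make_ske_message(home_password, b"home->term", h_pub)        # c-iii
    h_key = session_key(h_priv, open_ske_message(home_password, b"term->home", msg1))
    t_key = session_key(t_priv, open_ske_message(terminal_password, b"home->term", msg2))
    return t_key, h_key
```

When the password the home system looks up does not match the one entered at the terminal, the two decrypted public keys differ and the session keys no longer agree, so the VUIM download of step e cannot proceed.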
8. Apparatus for registering a wireless subscription to a wireless terminal, the apparatus comprising:
a) means for entering a user identifier and a password into the wireless terminal;
b) at the wireless terminal:
i) means for generating a public/private key pair;
ii) means for using the password to encrypt the wireless terminal's public key according to a secure key exchange (SKE) protocol, thereby forming a first SKE message; and
iii) means for transmitting the user identifier and the first SKE message to a home system;
c) at the home system:
i) means for generating a public/private key pair;
ii) means for using the user identifier to determine the password;
iii) means for using the password to encrypt the home system's public key according to an SKE protocol, thereby forming a second SKE message;
iv) means for transmitting the second SKE message to the wireless terminal;
v) means for using the password to decrypt the wireless terminal's public key; and
vi) means for using the home system's private key and the wireless terminal's public key to form a session key;
d) at the wireless terminal:
i) means for using the password to decrypt the home system's public key; and
ii) means for using the wireless terminal's private key and the home system's public key to form the session key; and
e) at both the wireless terminal and at the home system, means for using the session key to download all or part of a Virtual User Identification Module (VUIM) from the home system to the wireless terminal.
a) means for transmitting the SKE messages from the source to an intermediate serving system; and
b) means for transmitting the SKE messages from the intermediate serving system to the destination.

12. The apparatus of claim 11, further comprising:
a) means for using a first portion of the session key as an authentication key in subsequent authentications of the wireless terminal in the intermediate serving system; and
b) means for using a second portion of the session key as an encryption key in subsequent control signal transmissions.

13. The apparatus of claim 8, wherein:
a) the public/private key pairs comprise Diffie-Hellman public/private key pairs; and
b) the SKE messages comprise Diffie-Hellman Encrypted Key Exchange (DH-EKE) messages.

14. The apparatus of claim 8, wherein:
a) the means for using the password to encrypt the wireless terminal's public key comprises:
i) means for first concatenating the wireless terminal's public key with a first random number, thereby forming a first concatenated number; and
ii) means for using the password to encrypt the first concatenated number; and
b) the means for using the password to encrypt the home system's public key comprises:
i) means for first concatenating the home system's public key with a second random number, thereby forming a second concatenated number; and
ii) means for using the password to encrypt the second concatenated number.

15. A wireless terminal constructed to:
a) receive a user identifier and a password into the wireless terminal;
b) generate a public/private key pair;
c) use the password to encrypt the wireless terminal's public key according to a secure key exchange (SKE) protocol, thereby forming an SKE message;
d) transmit the user identifier and the SKE message to a home system;
e) receive an encrypted public key from the home system;
f) use the password to decrypt the encrypted public key from the home system;
g) use the wireless terminal's private key and the home system's public key to form the session key; and
h) use the session key to download all or part of a Virtual User Identification Module (VUIM) from the home system to the wireless terminal.
a) means for transmitting the SKE messages from the source to an intermediate serving system; and
b) means for transmitting the SKE messages from the intermediate serving system to the destination.

19. The terminal of claim 18, wherein a portion of the terminal constructed to encrypt the terminal's public key comprises:
a) means for using a first portion of the session key as an authentication key in subsequent authentications of the wireless terminal in the intermediate serving system; and
b) means for using a second portion of the session key as an encryption key in subsequent control signal transmissions.

20. The terminal of claim 15, wherein:
a) the public/private key pairs comprise Diffie-Hellman public/private key pairs; and
b) the SKE messages comprise Diffie-Hellman Encrypted Key Exchange (DH-EKE) messages.

21. The terminal of claim 15, wherein:
a) a portion of the terminal constructed to use the password to encrypt the wireless terminal's public key comprises:
i) means for first concatenating the wireless terminal's public key with a first random number, thereby forming a first concatenated number; and
ii) means for using the password to encrypt the first concatenated number; and
b) a portion of the terminal constructed to use the password to encrypt the home system's public key comprises:
i) means for first concatenating the home system's public key with a second random number, thereby forming a second concatenated number; and
ii) means for using the password to encrypt the second concatenated number.

22. A home system constructed to:
a) generate a public/private key pair;
b) receive a user identifier and an encrypted public key from a wireless terminal;
c) use the user identifier to determine the password;
d) use the password to encrypt the home system's public key according to a secure key exchange (SKE) protocol, thereby forming an SKE message;
e) transmit the SKE message;
f) use the password to decrypt the wireless terminal's public key;
g) use the home system's private key and the wireless terminal's public key to form a session key; and
h) use the session key to download all or part of a Virtual User Identification Module (VUIM) from the home system to the wireless terminal.
a) means for transmitting the SKE messages from the source to an intermediate serving system; and
b) means for transmitting the SKE messages from the intermediate serving system to the destination.

25. The system of claim 24, further comprising:
a) means for using a first portion of the session key as an authentication key in subsequent authentications of the wireless terminal in the intermediate serving system; and
b) means for using a second portion of the session key as an encryption key in subsequent control signal transmissions.

26. The system of claim 22, wherein:
a) the public/private key pairs comprise Diffie-Hellman public/private key pairs; and
b) the SKE messages comprise Diffie-Hellman Encrypted Key Exchange (DH-EKE) messages.

27. The system of claim 22, wherein:
a) a portion of the terminal constructed to use the password to encrypt the wireless terminal's public key comprises:
i) means for first concatenating the wireless terminal's public key with a first random number, thereby forming a first concatenated number; and
ii) means for using the password to encrypt the first concatenated number; and
b) a portion of the terminal constructed to use the password to encrypt the home system's public key comprises:
i) means for first concatenating the home system's public key with a second random number, thereby forming a second concatenated number; and
ii) means for using the password to encrypt the second concatenated number.