Method for improved authentication for cellular phone transmissions
Abstract
An authentication process is triggered when a subscriber of a GSM-type cellular-phone-network service attempts a call. In this process, an encrypted result, or a “signed response,” previously stored in the subscriber's cellular phone, is transmitted to a Mobile Switching Center (MSC), and a Home Location Register (HLR) in the MSC compares the signed response to an encrypted result previously stored at an Authentication Center (AuC). If the signed response matches the stored encrypted result, the call is allowed to proceed; otherwise, access to a telephone network is denied. Proceeding with the call, the AuC generates a random number and derives a new encrypted result by means of a ciphering algorithm, e.g., a CAVE algorithm, using the random number and the subscriber's unique key previously stored in a database at the AuC. The new encrypted result replaces the previously-stored encrypted result, and the MSC transmits the new random number to the cellular phone, which independently derives a new signed response by means of a CAVE algorithm using the transmitted random number and the subscriber's unique key stored in a Subscriber Identity Module (SIM) for the cellular phone. The new signed response is then stored in the cellular phone.
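The round trip the abstract describes, as an added Python simulation that is not part of the patent: HMAC-SHA256 stands in for the CAVE algorithm (an assumption, since CAVE is not a standard-library primitive), and the subscriber identifier, key and initial random number are constructed values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def cipher(key: bytes, rand: bytes) -> bytes:
    """Ciphering-algorithm stand-in. Assumption: HMAC-SHA256 in place of CAVE."""
    return hmac.new(key, rand, hashlib.sha256).digest()


class Terminal:
    """Cellular terminal: SIM key plus the signed response stored from the last round."""
    def __init__(self, key: bytes, stored_sres: bytes) -> None:
        self.key = key
        self.sres = stored_sres

    def stored_response(self) -> bytes:
        return self.sres  # step (a): present the previously stored result

    def accept_challenge(self, rand: bytes) -> None:
        self.sres = cipher(self.key, rand)  # step (e): derive and store the next result


class ProviderStation:
    """MSC/HLR/AuC side: per-subscriber key and the expected stored result."""
    def __init__(self, subscribers: Dict[str, Tuple[bytes, bytes]]) -> None:
        self.db = dict(subscribers)  # subscriber id -> (key, expected_sres)

    def authenticate(self, imsi: str, presented: bytes) -> Optional[bytes]:
        key, expected = self.db[imsi]
        # step (b): constant-time comparison; a mismatch denies the call
        if not hmac.compare_digest(presented, expected):
            return None
        rand = secrets.token_bytes(16)
        self.db[imsi] = (key, cipher(key, rand))  # step (c): new result replaces the old
        return rand  # step (d): the random number is sent to the terminal


def call_attempt(station: ProviderStation, imsi: str, terminal: Terminal) -> bool:
    """One call-initiation round; True if the call is allowed to proceed."""
    rand = station.authenticate(imsi, terminal.stored_response())
    if rand is None:
        return False
    terminal.accept_challenge(rand)
    return True


# Constructed provisioning values (not from the patent).
SUBSCRIBER_KEY = bytes(range(16))
INITIAL_RAND = b"\x00" * 16
INITIAL_SRES = cipher(SUBSCRIBER_KEY, INITIAL_RAND)

if __name__ == "__main__":
    phone = Terminal(SUBSCRIBER_KEY, INITIAL_SRES)
    msc = ProviderStation({"imsi-demo": (SUBSCRIBER_KEY, INITIAL_SRES)})
    print([call_attempt(msc, "imsi-demo", phone) for _ in range(3)])
```

Each successful round replaces the stored result on both sides, so a terminal still holding an earlier result is denied on its next attempt.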
18 Claims
1. As a part of a cellular-phone-call-initiating process, a method for authenticating a caller seeking access to a telephone network via transmission from a cellular terminal through a cellular-phone-service-provider station, each of said cellular terminal and said cellular-phone-service-provider station having a previously stored encrypted result and a unique key assigned to the caller, the method comprising the steps of:
a. transmitting, from said cellular terminal, said previously-stored encrypted result to said cellular-phone-service-provider station;
b. authenticating by comparison whether said encrypted result transmitted from said cellular terminal matches said encrypted result previously stored in said cellular-phone-service-provider station;
c. calculating, at the cellular-phone-service-provider station, a new encrypted result by means of a first ciphering algorithm using a random number and said unique key assigned to the caller;
d. transmitting said random number from said cellular-phone-service-provider station to said cellular terminal; and
e. independent of said calculation in step (c), calculating, at the cellular terminal, said new encrypted result by means of a second ciphering algorithm using said transmitted random number and said unique key assigned to the caller;
wherein said new encrypted result calculated in step (c) is stored in said cellular-phone-service-provider station and said new encrypted result calculated in step (e) is stored in said cellular terminal for next authentication attempt.

2. The method according to claim 1, further comprising the step of:
between steps (b) and (c), facilitating access to the telephone network for the caller if said encrypted result transmitted from said cellular terminal matches said encrypted result previously stored in said cellular-phone-service-provider station.

3. The method according to claim 2, wherein said step of facilitating access to the telephone network is performed at said cellular-phone-service-provider station.

4. The method according to claim 3, wherein step (b) is performed at said cellular-phone-service-provider station.

5. The method according to claim 4, wherein said first ciphering algorithm is a CAVE algorithm.

6. The method according to claim 5, wherein said second ciphering algorithm is a CAVE algorithm.

7. The method according to claim 6, wherein said cellular terminal comprises a cellular telephone and said cellular-phone-service-provider station comprises a mobile switching center.

8. The method according to claim 1, wherein step (b) is performed at said cellular-phone-service-provider station.

9. The method according to claim 8, further comprising the step of:
between steps (b) and (c), facilitating access to the telephone network for the caller if said encrypted result transmitted from said cellular terminal matches said encrypted result previously stored in said cellular-phone-service-provider station.

10. The method according to claim 9, wherein said first and second ciphering algorithms are a CAVE algorithm.

11. A method for authenticating a caller seeking access to a telephone network via transmission from a cellular terminal through a cellular-phone-service-provider station, which method minimizes the amount of transmission and calculation involved in authenticating said caller, each of said cellular terminal and said cellular-phone-service-provider station having a previously stored check message and a unique key assigned to the caller, the method comprising the steps of:
a. transmitting, from said cellular terminal, said previously-stored check message to said cellular-phone-service-provider station;
b. authenticating by comparison whether said check message transmitted from said cellular terminal matches said check message previously stored in said cellular-phone-service-provider station;
c. facilitating access to the telephone network for the caller if said check message transmitted from said cellular terminal matches said check message previously stored in said cellular-phone-service-provider station;
d. calculating, at the cellular-phone-service-provider station, a new check message by means of a first ciphering algorithm using a first check element and a second check element;
e. transmitting said first check element from said cellular-phone-service-provider station to said cellular terminal; and
f. independent of said calculation in step (d), calculating, at the cellular terminal, said new check message by means of a second ciphering algorithm using said transmitted first check element and said second check element;
wherein said new check message calculated in step (d) is stored in said cellular-phone-service-provider station and said new check message calculated in step (f) is stored in said cellular terminal for next authentication attempt.