Management of authentication keys in a mobile communication system
Abstract
A method and mobile communication system for managing authentication keys, the system having at least one authentication center, base stations and mobile stations to which subscriber identity modules may be coupled and which communicate with the base stations. The authentication keys are managed by: generating authentication keys and identifiers corresponding thereto, each of which identifiers is independent of a mobile subscriber identity, which allow authentication keys corresponding to the identifiers to be found in the authentication center, storing the authentication keys in the authentication center so that the authentication keys may be found in the authentication center on the basis of the identifiers, and storing the authentication keys and the identifiers corresponding to the authentication keys to the subscriber identity modules.
15 Claims
1. A method for managing authentication keys in a mobile communication system comprising at least one authentication center, base stations and mobile stations to which subscriber identity modules may be coupled and which communicate with said base stations, the method comprising the following steps:
generating authentication keys and identifiers corresponding thereto each of which identifiers is independent of a mobile subscriber identity, by means of which authentication keys corresponding to the identifiers may be found in said authentication center, storing said authentication keys in said authentication center so that said authentication keys may be found in said authentication center on the basis of said identifiers, and storing said authentication keys and said identifiers corresponding to the authentication keys to said subscriber identity modules.
transmitting said identifier stored in said subscriber identity module from said mobile station to a base station of the mobile communication system, retrieving, on the basis of said identifier, an authentication key corresponding to said identifier from said authentication center, carrying out authentication by means of the authentication key retrieved on the basis of said identifier.
3. The method as claimed in claim 2, wherein said mobile station or the subscriber using it is authenticated by means of said authentication key.
4. The method as claimed in claim 2, wherein said mobile communication system is authenticated by means of said authentication key.
5. A method for managing authentication keys in a mobile communication system comprising at least one authentication center, base stations, and mobile stations which are provided with identifiers and which communicate with said base stations and to which subscriber identity modules may be connected, as well as at least one subscriber database which stores each subscriber's subscriber data, the method comprising the following steps:
generating authentication keys and identifiers corresponding thereto, each of which identifiers is independent of a mobile subscriber identity, by means of which an authentication key corresponding to the identifier in question may be found in said authentication center, storing in each subscriber identity module an authentication key to which a specific identifier corresponds, storing said authentication keys in the authentication center of the mobile communication system so that said authentication keys may be found in said authentication center on the basis of said identifiers, and storing said identifier in said at least one subscriber database in association with the subscriber data of said subscriber.
sending, when carrying out authentication, said identifier stored in said subscriber database to said authentication center, retrieving, on the basis of said identifier, the authentication key corresponding thereto from said authentication center, and carrying out authentication by means of the authentication key retrieved on the basis of said identifier.
7. The method as claimed in claim 6, wherein said mobile station or the subscriber using it is authenticated by means of said authentication key.
8. The method as claimed in claim 6, wherein said mobile communication system is authenticated by means of said authentication key.
9. A method for managing authentication keys in a mobile communication system comprising at least one authentication center, mobile stations to which subscriber identity modules may be coupled, at least one subscriber database for storing subscriber data of a mobile station, and base stations communicating with the mobile stations, the method comprising the following steps:
generating, in a centralized manner in one location of the mobile communication system, authentication keys required in the authentication, and identifiers corresponding to the authentication keys, each of which identifiers is independent of a mobile subscriber identity, storing said authentication keys in said authentication center so that said authentication keys may be found in said authentication center on the basis of said identifiers, storing one of the authentication keys in a subscriber identity module, storing the mobile subscriber identity in said subscriber identity module following the generating and storing of said authentication keys and said identifiers.
storing said identifier generated in connection with generating said authentication keys at the same time also in the same subscriber identity module with the authentication key corresponding to said identifier.
11. The method as claimed in claim 10, wherein
storing, for pointing to the authentication key stored in said authentication center of the mobile communication system, the subscriber identity and said identifier associated with it in the subscriber database of the mobile communication system simultaneously with storing said subscriber identity in said subscriber identity module.
12. The method as claimed in claim 10, wherein
sending, for pointing to the authentication key stored in the authentication center of the mobile communication system, the subscriber identity and said identifier stored in the subscriber identity module from the mobile station to the mobile communication system.
13. The method as claimed in claim 9, wherein
attaching said identifier generated in connection with generating the authentication keys to the subscriber identity module to which the authentication key corresponding to said identifier is stored, so that said identifier is available when the subscriber identity is stored in the subscriber database.
14. The method as claimed in claim 13, wherein
storing, in the subscriber database of the mobile communication system, the subscriber identity and said identifier associated with said subscriber identity as previously attached to said subscriber identity module in order to point to the authentication key stored in the authentication center of the mobile communication system simultaneously with storing said subscriber identity in said subscriber identity module.
15. A mobile communication system comprising at least one authentication center containing authentication keys, base stations and mobile stations which communicate with said base stations and to which subscriber identity modules may be coupled, comprising
an identifier generating means for generating identifiers, each of which identifiers is independent of a mobile subscriber identity, and which correspond to the authentication keys required in the authentication and on the basis of which said authentication keys may be found in said authentication center when authentication is being carried out.
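The key-management scheme of the claims, modelled as an added example that is not part of the patent text: keys are generated centrally and indexed in the authentication center only by an opaque identifier, the subscriber identity is written later, and authentication works whether the identifier arrives from the mobile station or from the subscriber database. The class names, the random identifier format, the placeholder subscriber identity and the use of HMAC-SHA256 as the challenge-response function are assumptions; the page names no algorithm.

```python
import hashlib
import hmac
import secrets

class AuthenticationCenter:
    """Hypothetical AuC: keys are indexed by identifier, never by subscriber identity."""
    def __init__(self):
        self._keys = {}  # identifier -> authentication key

    def generate(self):
        # Random identifier, so it reveals nothing about any subscriber.
        identifier = secrets.token_hex(8)   # 16 hex characters
        key = secrets.token_bytes(16)
        self._keys[identifier] = key
        return identifier, key

    def response_for(self, identifier, challenge):
        key = self._keys.get(identifier)
        if key is None:
            return None                      # unknown identifier: fail closed
        return hmac.new(key, challenge, hashlib.sha256).digest()

class Sim:
    """Hypothetical subscriber identity module holding a key and its identifier."""
    def __init__(self, identifier, key):
        self.identifier, self._key = identifier, key
        self.subscriber_identity = None      # written later, at personalization

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

def authenticate(auc, sim, identifier):
    """Challenge the SIM and compare with the response the AuC expects."""
    challenge = secrets.token_bytes(16)
    expected = auc.response_for(identifier, challenge)
    return expected is not None and hmac.compare_digest(expected, sim.respond(challenge))

def demo():
    auc = AuthenticationCenter()
    identifier, key = auc.generate()         # centralized generation
    sim = Sim(identifier, key)               # key and identifier stored on the SIM
    subscriber_db = {}
    sim.subscriber_identity = "SUBSCRIBER-0001"   # constructed placeholder identity
    subscriber_db[sim.subscriber_identity] = identifier
    via_mobile = authenticate(auc, sim, sim.identifier)                       # identifier sent by the mobile
    via_db = authenticate(auc, sim, subscriber_db[sim.subscriber_identity])  # identifier from subscriber DB
    unknown = authenticate(auc, sim, "0" * 15)   # 15 characters, can never match
    return via_mobile, via_db, unknown

if __name__ == "__main__":
    print(demo())
```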
Specification