Authentication and security in wireless communication system

US 6,580,906 B2
Filed: 12/10/1997
Issued: 06/17/2003
Est. Priority Date: 12/10/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for authentication in a wireless communication system, comprising the steps of:

establishing a wireless connection between a wireless access communication unit and a network, said wireless access communication unit connected to a plurality of non-wireless communication devices;

transmitting a subscriber identifier from said wireless access communication unit to the network over the wireless connection, said subscriber identifier corresponding to one of a plurality of subscriber ports of said wireless access communication unit;

transferring, under supervision of a controller, information between a radio unit of said wireless access communication unit and said plurality of subscriber ports while said wireless access communication unit is wirelessly connected to the network;

transmitting a numeric value from the network to said wireless access communication unit over the wireless connection;

receiving said numeric value at said wireless access communication unit;

generating a signed response at said wireless access communication unit based upon said numeric value and a locally stored user key value associated with said subscriber port of said wireless access communication unit;

transmitting said signed response from said wireless access communication unit to the network over the wireless connection;

receiving said signed response at the network;

comparing the signed response to an authentication parameter derived at the network; and

disallowing access to the network for the subscriber associated with said subscriber identifier unless said signed response matches said authentication parameter.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system having a wireless trunk for connecting multiple phone lines over wireless communication links to a cellular network comprises a central telephone switch, such as a private branch exchange or key system, connected through one or more trunk lines to a wireless access communication unit. The wireless access communication unit preferably comprises a separate subscriber interface for each trunk line from the central telephone switch. The wireless access communication unit collects data from each of the subscriber interfaces, formats the data into a format compatible with an over-the-air protocol, and transmits the information over one or more wireless channels to a cellular base station. The wireless access communication unit thereby connects calls received from the central telephone switch'"'"'s trunk lines over a wireless trunk to a network. A controller within the wireless access communication unit interfaces the subscriber interfaces with a radio transceiver, and assists in the conversion of data from a format suitable for wireless transmission. Authentication is carried out separately for each of the subscriber interfaces, thereby allowing the wireless access communication unit to represent itself as multiple individual subscribers to the network. Upon each initial registration, each subscriber interface derives its own ciphering key from a stored user key and uses it thereafter for encryption and decryption.

186 Citations

39 Claims

1. A method for authentication in a wireless communication system, comprising the steps of:
- establishing a wireless connection between a wireless access communication unit and a network, said wireless access communication unit connected to a plurality of non-wireless communication devices;
  
  transmitting a subscriber identifier from said wireless access communication unit to the network over the wireless connection, said subscriber identifier corresponding to one of a plurality of subscriber ports of said wireless access communication unit;
  
  transferring, under supervision of a controller, information between a radio unit of said wireless access communication unit and said plurality of subscriber ports while said wireless access communication unit is wirelessly connected to the network;
  
  transmitting a numeric value from the network to said wireless access communication unit over the wireless connection;
  
  receiving said numeric value at said wireless access communication unit;
  
  generating a signed response at said wireless access communication unit based upon said numeric value and a locally stored user key value associated with said subscriber port of said wireless access communication unit;
  
  transmitting said signed response from said wireless access communication unit to the network over the wireless connection;
  
  receiving said signed response at the network;
  
  comparing the signed response to an authentication parameter derived at the network; and
  
  disallowing access to the network for the subscriber associated with said subscriber identifier unless said signed response matches said authentication parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 35, 36, 37, 38, 39)
- - 2. The method of claim 1, wherein said step of transmitting a subscriber identifier from said wireless access communication unit is carried out upon registration of the subscriber associated with said subscriber identifier.
  - 3. The method of claim 1, wherein said step of transmitting a subscriber identifier from said wireless access communication unit is carried out upon an attempt to establish a call.
  - 4. The method of claim 1, further comprising the step of completing a call from a user connected to said wireless access communication unit to the network if access to the network is not disallowed, said call being associated with said subscriber identifier.
  - 5. The method of claim 4, further comprising the step of completing a said call from said first user and completing a second call from a second user connected to said wireless access communication unit, said second call being associated with the same subscriber identifier.
  - 6. The method of claim 1, further comprising the step of generating a ciphering key from said user key value and said numeric value.
  - 35. The method of claim 1, wherein said wireless access communication unit comprises a plurality of subscriber identity modules, each of said subscriber identity modules respectively associated with one of said plurality of subscriber ports, and each of said subscriber modules permanently storing a unique subscriber identifier for identifying the subscriber port as a separate and individual logical entity to the network.
  - 36. The method of claim 35, wherein each of said subscriber identity modules permanently and securely stores a user key value associated with the subscriber port.
  - 37. The method of claim 36, wherein said step of generating the signed response at said wireless access communication unit based upon said numeric value and said locally stored user key value associated with said subscriber port is carried out securely by the subscriber identity module associated with said subscriber port.
  - 38. The method of claim 35, wherein said wireless access communication unit comprises a plurality of subscriber interface hardware sections, each subscriber interface hardware section comprising one of said subscriber identity modules and subscriber interface electronics connected to the associated subscriber port, wherein said step of transferring, under supervision of said controller, information between said radio unit and said plurality of subscriber ports comprises the step of transferring information between said radio unit and said subscriber ports via the subscriber interface electronics connected to the subscriber port.
  - 39. The method of claim 1, wherein wireless communication between the wireless access communication unit and the network is carried out using a spread spectrum technique.

7. A wireless access communication unit, comprising:
- a plurality of subscriber ports connected to a local area telephone switch, whereby a plurality of communication paths can be established between said wireless access communication unit and a plurality of non-wireless communication devices;
  
  a plurality of subscriber interfaces, each subscriber interface connected to one of said subscriber ports;
  
  a radio transceiver for transmitting and receiving information over a wireless connection to a base station;
  
  a controller connected to said radio transceiver and said subscriber interfaces, said controller managing the transfer of ongoing call information between said radio transceiver and said subscriber interfaces; and
  
  a subscriber identity module connected to one of said subscriber interfaces, said subscriber identity module comprising a non-volatile memory storing a subscriber identifier and a user key value, said subscriber identity module outputting a signed response value in response to an authentication parameter received by said radio transceiver over said wireless connection.
- View Dependent Claims (8, 9, 10)
- - 8. The wireless access communication unit of claim 7, wherein said authentication parameter comprises a random numeric value.
  - 9. The wireless access communication unit of claim 7, wherein said subscriber identity module outputs a ciphering key in response to said authentication parameter and said user key value.
  - 10. The wireless access communication unit of claim 9, wherein said controller utilizes said ciphering key to encrypt and decrypt information transferred between said radio transceiver and said subscriber interface.

11. A method for authentication in a wireless communication system, comprising the steps of:
- connecting a wireless access communication unit to a plurality of non-wireless communication devices;
  
  establishing a wireless connection between said wireless access communication unit and a network;
  
  transmitting a plurality of subscriber identifiers from said wireless access communication unit to the network over the wireless connection, said subscriber identifiers corresponding to a plurality of subscriber ports of said wireless access communication unit, one subscriber identifier for each subscriber port;
  
  transmitting a plurality of numeric values from the network to said wireless access communication unit over the wireless connection, one numeric value being transmitted in response to each of said subscriber identifiers;
  
  receiving said numeric values at a radio unit of said wireless access communication unit;
  
  routing said numeric values, under supervisions of a controller, to the subscriber port associated with the subscriber identifier to which the numeric value was sent in response;
  
  generating a plurality of signed responses at said wireless access communication unit, one signed response for each of said subscriber ports, each signed response based upon the numeric value corresponding to the subscriber identifier of the subscriber port and a locally stored user key value associated with the subscriber port;
  
  transferring, under supervisions of said controller, said plurality of signed responses to said radio unit;
  
  transmitting, from said radio unit, said signed responses from said wireless access communication unit to the network over the wireless connection; and
  
  disallowing access to the network for any subscriber port unless said signed response for the subscriber port matches an authentication parameter derived at the network for the subscriber port, said authentication parameter based upon the numeric value corresponding to the subscriber identifier of the subscriber port and a network-stored user key value corresponding to the subscriber identifier of the subscriber port.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, wherein said step of transmitting a plurality of subscriber identifiers from said wireless access communication unit to said network is carried out individually for each subscriber port upon registration with the network.
  - 13. The method of claim 11, wherein said step of transmitting a plurality of subscriber identifiers from said wireless access communication unit to said network is carried out upon an attempt to establish calls through said subscriber ports.
  - 14. The method of claim 11, further comprising the step of completing a call through one of said subscriber ports from a user connected to said wireless access communication unit to the network if access to the network is not disallowed for that subscriber port.
  - 15. The method of claim 14, further comprising the step of completing a said call from said first user and completing a second call through said one of said subscriber ports from a second user connected to said wireless access communication unit.
  - 16. The method of claim 11, further comprising the step of generating a plurality of ciphering keys, one ciphering key for each of said subscriber ports, each ciphering key being generated from said numeric value corresponding to the subscriber identifier of the subscriber port and said locally stored user key value associated with the subscriber port.

17. A communication system, comprising:
- a wireless access communication unit, said wireless access communication unit comprising a plurality of user interfaces, each of said user interfaces permanently associated with a non-volatile storage containing a subscriber identifier and a user key value, said user interfaces connected to a plurality of non-wireless communication devices, said wireless access communication unit further comprising a multi-channel radio unit and a controller connected to said multi-channel radio unit and said plurality of user interfaces, said controller managing the transfer of ongoing call information between said radio unit and said user interfaces;
  
  a base station comprising a radio unit whereby a wireless connection can be established between said wireless access communication unit and said base station;
  
  a mobile switching center connected to said base station, said mobile center retrieving a set of authentication parameters for each of said user interfaces upon occurrence of selected events and providing at least one of said authentication parameters to said wireless access communication unit via said base station;
  
  means located at said wireless access communication unit for receiving said at least one authentication parameter from said mobile switching center and for generating a signed response value based upon said at least one authentication parameter and said user key value; and
  
  means located at said mobile switching center for receiving said signed response value from said wireless access communication unit and for comparing said signed response value to a second one of said authentication parameters.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The communication system of claim 17, wherein one of said selected events comprises a registration request by said wireless access communication unit pertaining to one of said user interfaces.
  - 19. The communication system of claim 17, wherein one of said selected events comprises an attempt to establish a call from a user connected to one of said user interfaces to said network across said wireless access communication unit.
  - 20. The communication system of claim 19, wherein said mobile switching center further comprises means for allowing said call to be established if said signed response value matches said second one of said authentication parameters, and for otherwise preventing said call from being established.
  - 21. The communication system of claim 17, wherein said set of authentication parameters is stored in a home location register connected to said mobile switching center.
  - 22. The communication system of claim 17, wherein said authentication parameters are retrieved by the mobile switching center using a subscriber identity corresponding to the user interface.
  - 23. The communication system of claim 17, wherein said set of authentication parameters comprises a random number, said random number generated at a location remote from said mobile switching center.
  - 24. The communication system of claim 17, wherein said set of authentication parameters comprises a ciphering key.

25. A method for authentication in a communication system, comprising the steps of:
- establishing, upon demand, wireless connections between a multi-channel radio unit of a wireless access communication unit and a cellular network, said wireless access communication unit comprising a plurality of subscriber ports connected over a plurality of non-wireless trunks to a plurality of users each capable of generating a call request to said wireless access communication unit;
  
  transferring, under supervision of a controller of said wireless communication unit, information between said multi-channel radio unit and said subscriber ports while said multi-channel radio unit is wirelessly connected to said cellular network;
  
  independently for each established wireless connection, transmitting under the supervision of said controller a subscriber identifier permanently associated with one of said subscriber ports from the wireless access communication unit to the cellular network;
  
  independently for each established wireless connection, undertaking an authentication procedure at said cellular network based upon the subscriber identifier received at the cellular network, said authentication procedure resulting in a pass or fail; and
  
  disallowing access to the cellular network for a subscriber port associated with a transmitted subscriber identifier unless the authentication procedure results in a pass for that subscriber identifier.
- View Dependent Claims (26, 27, 28)
- - 26. The method of claim 25, wherein each subscriber identifier is permanently associated with one of said non-wireless trunks.
  - 27. The method of claim 25, wherein said step of undertaking an authentication procedure at said cellular network based upon the subscriber identifier received at the cellular network comprises the steps of:
28. The method of claim 27, wherein said step of obtaining authentication parameters at said cellular network comprises the step of retrieving stored authentication parameters from a database within said cellular network.

29. A method for authentication in a wireless communication system, comprising the steps of:
- connecting a wireless access communication unit to a plurality of non-wireless communication devices;
  
  establishing a wireless connection between said wireless access communication unit and a network;
  
  transmitting a subscriber identifier from said wireless access communication unit to the network over the wireless connection, said subscriber identifier corresponding to one of a plurality of subscriber ports of said wireless access communication unit;
  
  transferring, under supervision of a controller, information between a radio unit of said wireless access communication unit and said plurality of subscriber ports while said wireless access communication unit is wireless connected to the network;
  
  transmitting an authentication parameter from the network to said wireless access communication unit over the wireless connection;
  
  receiving said authentication parameter at said wireless access communication unit; and
  
  generating an authentication key at said wireless access communication unit based upon said authentication parameter and a locally stored user key value associated with said subscriber port of said wireless access communication unit.
- View Dependent Claims (30, 31)
- - 30. The method of claim 29, wherein said authentication key comprises a signed response, said method further comprising the steps of
31. The method of claim 29, wherein said authentication key comprises a ciphering key, said method further comprising the step of encrypting and decrypting messages transmitted across said wireless connection using said ciphering key.

32. A wireless access communication unit, comprising:
- a plurality of subscriber ports connected to a local area telephone switch, whereby a plurality of communication paths can be established between said wireless access communication unit and a plurality of user devices including at least one non-wireless communication device;
  
  a plurality of subscriber interfaces connected to said subscriber ports;
  
  a radio transceiver for transmitting and receiving information over a wireless connection to a base station;
  
  a controller connected to said radio transceiver and said subscriber interfaces, said controller managing the transfer of ongoing call information between said radio transceiver and said subscriber interfaces; and
  
  a plurality of subscriber identity modules connected to said subscriber interfaces, each subscriber identity module permanently associated with one of said subscriber interfaces, each subscriber identity module comprising a non-volatile memory storing a subscriber identifier and a user key value, and each subscriber identity module outputting an authentication key in response to an authentication parameter received by said radio transceiver over said wireless connection for the subscriber identity module'"'"'s associated subscriber interface.
- View Dependent Claims (33, 34)
- - 33. The wireless access communication unit of claim 32, wherein said authentication key comprises a signed response, wherein said radio transceiver transmits said signed response over said wireless connection to said base station.
  - 34. The wireless access communication unit of claim 32, wherein said authentication key comprises a ciphering key, wherein said controller encrypts and decrypts information transferred to and from said subscriber interface using said ciphering key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Menon, Narayan P., Bilgic, Izzet M.
Primary Examiner(s)
Follansbee, John
Assistant Examiner(s)
Holmes, Michael B.

Application Number

US08/988,505
Publication Number

US 20030033522A1
Time in Patent Office

2,015 Days
Field of Search

455/403-466
US Class Current

455/422.1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

H04W 4/18   Information format or conte...

H04W 60/00   Affiliation to network, e.g...

H04W 74/00   Wireless channel access

H04W 76/10   Connection setup

H04W 8/26   Network addressing or numbe...

H04W 84/14   WLL [Wireless Local Loop]; ...

Authentication and security in wireless communication system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

186 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication and security in wireless communication system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links