Authentication and security in wireless communication system
Abstract
A communication system having a wireless trunk for connecting multiple phone lines over wireless communication links to a cellular network comprises a central telephone switch, such as a private branch exchange or key system, connected through one or more trunk lines to a wireless access communication unit. The wireless access communication unit preferably comprises a separate subscriber interface for each trunk line from the central telephone switch. The wireless access communication unit collects data from each of the subscriber interfaces, formats the data into a format compatible with an over-the-air protocol, and transmits the information over one or more wireless channels to a cellular base station. The wireless access communication unit thereby connects calls received from the central telephone switch's trunk lines over a wireless trunk to a network. A controller within the wireless access communication unit interfaces the subscriber interfaces with a radio transceiver, and assists in the conversion of data from a format suitable for wireless transmission. Authentication is carried out separately for each of the subscriber interfaces, thereby allowing the wireless access communication unit to represent itself as multiple individual subscribers to the network. Upon each initial registration, each subscriber interface derives its own ciphering key from a stored user key and uses it thereafter for encryption and decryption.
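The per-port challenge-response summarized above, as an added sketch that is not taken from the patent: each subscriber port answers its own challenge with its own stored key, the network compares the result against its own derivation, and only a passing port gets a ciphering key. The patent does not name the response algorithm, so HMAC-SHA256 stands in for it here, and the class names, port identifiers and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key, label, challenge):
    # Stand-in for the patent's unnamed algorithm: HMAC-SHA256 (assumption).
    return hmac.new(key, label + challenge, hashlib.sha256).digest()

class Network:
    def __init__(self, key_db):
        self.key_db = key_db      # subscriber identifier -> network-stored user key
        self.pending = {}         # subscriber identifier -> outstanding numeric value

    def challenge(self, sid):
        self.pending[sid] = secrets.token_bytes(16)
        return self.pending[sid]

    def verify(self, sid, response):
        rand = self.pending.pop(sid, None)   # each challenge is usable once
        key = self.key_db.get(sid)
        if rand is None or key is None:
            return False
        return hmac.compare_digest(mac(key, b"sres", rand), response)

class AccessUnit:
    def __init__(self, ports):
        self.ports = ports        # subscriber identifier -> locally stored user key

    def respond(self, sid, rand):
        # Controller role: route the challenge to the port that owns this identifier.
        return mac(self.ports[sid], b"sres", rand)

def register_all(unit, network):
    """Authenticate every port independently; map each port to its ciphering key or None."""
    keys = {}
    for sid, user_key in unit.ports.items():
        rand = network.challenge(sid)
        ok = network.verify(sid, unit.respond(sid, rand))
        # A distinct label keeps the ciphering key unrelated to the signed response.
        keys[sid] = mac(user_key, b"ck", rand)[:16] if ok else None
    return keys

def demo():
    # Constructed sample data: port-2's local key differs from the network's copy.
    db = {"port-1": b"k1" * 8, "port-2": b"k2" * 8}
    unit = AccessUnit({"port-1": b"k1" * 8, "port-2": b"bad" * 8})
    return register_all(unit, Network(db))
```

A failure on one port leaves the others registered, and a captured response cannot be replayed because the pending challenge is discarded on first use.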
39 Claims
1. A method for authentication in a wireless communication system, comprising the steps of:
establishing a wireless connection between a wireless access communication unit and a network, said wireless access communication unit connected to a plurality of non-wireless communication devices;
transmitting a subscriber identifier from said wireless access communication unit to the network over the wireless connection, said subscriber identifier corresponding to one of a plurality of subscriber ports of said wireless access communication unit;
transferring, under supervision of a controller, information between a radio unit of said wireless access communication unit and said plurality of subscriber ports while said wireless access communication unit is wirelessly connected to the network;
transmitting a numeric value from the network to said wireless access communication unit over the wireless connection;
receiving said numeric value at said wireless access communication unit;
generating a signed response at said wireless access communication unit based upon said numeric value and a locally stored user key value associated with said subscriber port of said wireless access communication unit;
transmitting said signed response from said wireless access communication unit to the network over the wireless connection;
receiving said signed response at the network;
comparing the signed response to an authentication parameter derived at the network; and
disallowing access to the network for the subscriber associated with said subscriber identifier unless said signed response matches said authentication parameter.
Dependent claims: 2, 3, 4, 5, 6, 35, 36, 37, 38, 39
7. A wireless access communication unit, comprising:
a plurality of subscriber ports connected to a local area telephone switch, whereby a plurality of communication paths can be established between said wireless access communication unit and a plurality of non-wireless communication devices;
a plurality of subscriber interfaces, each subscriber interface connected to one of said subscriber ports;
a radio transceiver for transmitting and receiving information over a wireless connection to a base station;
a controller connected to said radio transceiver and said subscriber interfaces, said controller managing the transfer of ongoing call information between said radio transceiver and said subscriber interfaces; and
a subscriber identity module connected to one of said subscriber interfaces, said subscriber identity module comprising a non-volatile memory storing a subscriber identifier and a user key value, said subscriber identity module outputting a signed response value in response to an authentication parameter received by said radio transceiver over said wireless connection.
Dependent claims: 8, 9, 10
11. A method for authentication in a wireless communication system, comprising the steps of:
connecting a wireless access communication unit to a plurality of non-wireless communication devices;
establishing a wireless connection between said wireless access communication unit and a network;
transmitting a plurality of subscriber identifiers from said wireless access communication unit to the network over the wireless connection, said subscriber identifiers corresponding to a plurality of subscriber ports of said wireless access communication unit, one subscriber identifier for each subscriber port;
transmitting a plurality of numeric values from the network to said wireless access communication unit over the wireless connection, one numeric value being transmitted in response to each of said subscriber identifiers;
receiving said numeric values at a radio unit of said wireless access communication unit;
routing said numeric values, under supervision of a controller, to the subscriber port associated with the subscriber identifier to which the numeric value was sent in response;
generating a plurality of signed responses at said wireless access communication unit, one signed response for each of said subscriber ports, each signed response based upon the numeric value corresponding to the subscriber identifier of the subscriber port and a locally stored user key value associated with the subscriber port;
transferring, under supervision of said controller, said plurality of signed responses to said radio unit;
transmitting, from said radio unit, said signed responses from said wireless access communication unit to the network over the wireless connection; and
disallowing access to the network for any subscriber port unless said signed response for the subscriber port matches an authentication parameter derived at the network for the subscriber port, said authentication parameter based upon the numeric value corresponding to the subscriber identifier of the subscriber port and a network-stored user key value corresponding to the subscriber identifier of the subscriber port.
Dependent claims: 12, 13, 14, 15, 16
17. A communication system, comprising:
a wireless access communication unit, said wireless access communication unit comprising a plurality of user interfaces, each of said user interfaces permanently associated with a non-volatile storage containing a subscriber identifier and a user key value, said user interfaces connected to a plurality of non-wireless communication devices, said wireless access communication unit further comprising a multi-channel radio unit and a controller connected to said multi-channel radio unit and said plurality of user interfaces, said controller managing the transfer of ongoing call information between said radio unit and said user interfaces;
a base station comprising a radio unit whereby a wireless connection can be established between said wireless access communication unit and said base station;
a mobile switching center connected to said base station, said mobile center retrieving a set of authentication parameters for each of said user interfaces upon occurrence of selected events and providing at least one of said authentication parameters to said wireless access communication unit via said base station;
means located at said wireless access communication unit for receiving said at least one authentication parameter from said mobile switching center and for generating a signed response value based upon said at least one authentication parameter and said user key value; and
means located at said mobile switching center for receiving said signed response value from said wireless access communication unit and for comparing said signed response value to a second one of said authentication parameters.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
25. A method for authentication in a communication system, comprising the steps of:
establishing, upon demand, wireless connections between a multi-channel radio unit of a wireless access communication unit and a cellular network, said wireless access communication unit comprising a plurality of subscriber ports connected over a plurality of non-wireless trunks to a plurality of users each capable of generating a call request to said wireless access communication unit;
transferring, under supervision of a controller of said wireless communication unit, information between said multi-channel radio unit and said subscriber ports while said multi-channel radio unit is wirelessly connected to said cellular network;
independently for each established wireless connection, transmitting under the supervision of said controller a subscriber identifier permanently associated with one of said subscriber ports from the wireless access communication unit to the cellular network;
independently for each established wireless connection, undertaking an authentication procedure at said cellular network based upon the subscriber identifier received at the cellular network, said authentication procedure resulting in a pass or fail; and
disallowing access to the cellular network for a subscriber port associated with a transmitted subscriber identifier unless the authentication procedure results in a pass for that subscriber identifier.
Dependent claims: 26, 27, 28
obtaining authentication parameters at said cellular network based upon the transmitted subscriber identifier, said authentication parameters comprising at least a numeric value and a first signed response value;
transmitting said numeric value from the cellular network to the wireless access communication unit;
receiving said numeric value at said wireless access communication unit;
generating a second signed response value at said wireless access communication unit based upon said numeric value;
transmitting said second signed response value from said wireless access communication unit to said cellular network;
receiving said second signed response value at said cellular network;
comparing said second signed response value to said first signed response value; and
declaring a pass if said first signed response value matches said second response value, or else declaring a fail.
28. The method of claim 27, wherein said step of obtaining authentication parameters at said cellular network comprises the step of retrieving stored authentication parameters from a database within said cellular network.
29. A method for authentication in a wireless communication system, comprising the steps of:
connecting a wireless access communication unit to a plurality of non-wireless communication devices;
establishing a wireless connection between said wireless access communication unit and a network;
transmitting a subscriber identifier from said wireless access communication unit to the network over the wireless connection, said subscriber identifier corresponding to one of a plurality of subscriber ports of said wireless access communication unit;
transferring, under supervision of a controller, information between a radio unit of said wireless access communication unit and said plurality of subscriber ports while said wireless access communication unit is wirelessly connected to the network;
transmitting an authentication parameter from the network to said wireless access communication unit over the wireless connection;
receiving said authentication parameter at said wireless access communication unit; and
generating an authentication key at said wireless access communication unit based upon said authentication parameter and a locally stored user key value associated with said subscriber port of said wireless access communication unit.
Dependent claims: 30, 31
transmitting said signed response from said wireless access communication unit to the network over the wireless connection;
receiving said signed response at the network;
comparing the signed response to a second authentication parameter derived at the network; and
disallowing access to the network for the subscriber associated with said subscriber identifier unless said signed response matches said second authentication parameter.
31. The method of claim 29, wherein said authentication key comprises a ciphering key, said method further comprising the step of encrypting and decrypting messages transmitted across said wireless connection using said ciphering key.
32. A wireless access communication unit, comprising:
a plurality of subscriber ports connected to a local area telephone switch, whereby a plurality of communication paths can be established between said wireless access communication unit and a plurality of user devices including at least one non-wireless communication device;
a plurality of subscriber interfaces connected to said subscriber ports;
a radio transceiver for transmitting and receiving information over a wireless connection to a base station;
a controller connected to said radio transceiver and said subscriber interfaces, said controller managing the transfer of ongoing call information between said radio transceiver and said subscriber interfaces; and
a plurality of subscriber identity modules connected to said subscriber interfaces, each subscriber identity module permanently associated with one of said subscriber interfaces, each subscriber identity module comprising a non-volatile memory storing a subscriber identifier and a user key value, and each subscriber identity module outputting an authentication key in response to an authentication parameter received by said radio transceiver over said wireless connection for the subscriber identity module's associated subscriber interface.
Dependent claims: 33, 34