Method for repeated authentication of a user subscription identity module

US 6,950,521 B1
Filed: 06/13/2000
Issued: 09/27/2005
Est. Priority Date: 06/13/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating a user identity module communicatively coupled with a mobile shell having an established security association with a server network, the method comprising:

receiving a first message from the mobile shell;

determining a second message based upon the first message and a first key known to the server network and unknown to the mobile shell;

wherein the first key is generated during the establishment of the security association; and

providing the second message to the server network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for improving an established Authentication and Key Agreement procedure which prevents rogue mobiles from fraudulently gaining access to a communication system. The communication system periodically broadcasts a challenge interrogation message requesting that a mobile, which is currently validated to use the system, to authenticate itself to the system. The mobile computes an authentication response based on information known only to the communication system and the USIM of the mobile and transmits said response to the communication system. The communication system also computes an authentication response and compares said response with that received from the mobile. A mobile is authenticated by the communication system when the two authentication responses are equal. Otherwise, the mobile is not given access to the communication system.

55 Citations

View as Search Results

18 Claims

1. A method of authenticating a user identity module communicatively coupled with a mobile shell having an established security association with a server network, the method comprising:
- receiving a first message from the mobile shell;
  
  determining a second message based upon the first message and a first key known to the server network and unknown to the mobile shell;
  
  wherein the first key is generated during the establishment of the security association; and
  
  providing the second message to the server network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein receiving the first message from the mobile shell comprises receiving the first message in response to a challenge interrogation message provided by the server network.
  - 3. The method of claim 2, wherein receiving the first message in response to the challenge interrogation message comprises receiving the first message from the mobile shell in response to at least one of a unique challenge interrogation message and a global challenge interrogation message.
  - 4. The method of claim 2, wherein receiving the first message comprises receiving a random number provided by the server network.
  - 5. The method of claim 4, wherein determining the second message comprises applying a non-reversible algorithmic function to the random number and the first key known to the server network and not known to the mobile shell.
  - 6. The method of claim 1, wherein receiving the first message from the mobile shell comprises receiving a first message formed by the mobile shell using a third message and a second key known to the mobile shell and the server network.
  - 7. The method of claim 6, wherein receiving the first message from the mobile shell comprises receiving the first message formed by the mobile shell using a third message and an integrity key known to the mobile shell and the server network.
  - 8. The method of claim 1, wherein providing the second message to the server network comprises providing the second message to the mobile shell, and wherein the mobile shell is configured to provide at least the second message to the server network.
  - 9. The method of claim 1, wherein determining the second message based upon the first key known to the server network and not known to the mobile shell comprises determining the second message based upon an anonymity key known to the server network and not known to the mobile shell.

10. A method of authentication by a server network having an established security association with a mobile shell communicatively coupled with a user identity module, the method comprising:
- establishing a security association with the mobile shell;
  
  receiving a first message from the mobile shell; and
  
  authenticating the mobile shell based upon the first message and a first key known to the user identity module and unknown to the mobile shell; and
  
  wherein the first key is generated during the establishment of the security association.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein receiving the first message from the mobile shell comprises:
    - providing a second message to the mobile shell after the security association has been established; and
      
      receiving the first message in response to the second message.
  - 12. The method of claim 11, wherein providing the second message comprises providing at least one of a unique challenge interrogation message and a global challenge interrogation message.
  - 13. The method of claim 11, wherein providing the second message comprises providing a random number.
  - 14. The method of claim 13, wherein receiving the first message comprises receiving a first message formed by the user identity module based upon the random number and the first key known to the user identity module and not known to the mobile shell.
  - 15. The method of claim 11, wherein authenticating the mobile shell based upon the first message and the first key known to the user identity module and not known to the mobile shell comprises:
    - determining a fifth message based upon a portion of the second message and the first key known to the user identity module and not known to the mobile shell;
      
      comparing the first message and the fifth message; and
      
      authenticating the mobile shell when a portion of the first message is equal to a portion of the fifth message.
  - 16. The method of claim 15, wherein determining the fifth message comprises applying a non-reversible algorithmic function to the portion of the second message and the first key known to the user identity module and not known to the mobile shell.
  - 17. At the method of claim 10, wherein receiving the first message comprises receiving a third message formed by the user identity module based upon the first key and a fourth message formed by the mobile shell using a second key known to the mobile shell.
  - 18. The method of claim 17, wherein authenticating the mobile shell based upon the first message and the first key known to the user identity module and not known to the mobile shell comprises:
    - generating a sixth message based upon the first and second keys; and
      
      comparing the first message and the sixth message; and
      
      authenticating the mobile shell when a portion of the first message is equal to a portion of the sixth message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Marcovici, Michael, Mizikovsky, Semyon B
Primary Examiner(s)
Barron, Gilberto
Assistant Examiner(s)
Kim, Jung W

Application Number

US09/592,337
Time in Patent Office

1,932 Days
Field of Search

713/169, 713/170, 380/249
US Class Current

380/249
CPC Class Codes

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

Method for repeated authentication of a user subscription identity module

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for repeated authentication of a user subscription identity module

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links