Enhanced subscriber authentication protocol

US 7,123,721 B2
Filed: 06/04/2001
Issued: 10/17/2006
Est. Priority Date: 12/04/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of establishing communication between a first correspondent and a second correspondent, each of said correspondents having a respective identity, said first correspondent having a private key and a public key derived therefrom, said method comprising the steps of:

a) said second correspondent obtaining said public key of said first correspondent;

b) said second correspondent sending a short-lived public key and said second correspondent'"'"'s identity to said first correspondent;

c) said first correspondent combining its private key with said short-lived public key and generating a pair of secret keys therefrom;

d) said first correspondent using a first of said pair of secret keys to compute a first MAC on its identity, said second correspondent'"'"'s identity, a random challenge, and said short-lived public key;

e) said first correspondent sending its identity, said random challenge, and said first MAC to said second correspondent, thereby requesting registration;

f) said second correspondent using a short-lived private key corresponding to said short-lived public key and said first correspondent'"'"'s public key to generate said pair of secret keys;

g) said second correspondent using said first of said pair of secret keys to compute a second MAC on its identity, said first correspondent'"'"'s identity, said random challenge, and said short-lived public key;

h) said second correspondent verifying said first MAC using said first of said pair of secret keys;

i) said second correspondent sending said second MAC to said first correspondent, thereby registering said first correspondent;

j) said first correspondent verifying said second MAC using said first of said pair of secret keys;

k) said correspondents each computing a pair of session keys from a second of said pair of secret keys, said short-lived public key, and said random challenge; and

l) said correspondents using at least one of said session keys in a secure communication.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method of authenticating a pair of correspondents in a communication system, such as in a mobile phone network by utilizing a blend of public-key cryptography and symmetric cryptography. Each session between the mobile phone and the network consists of public-key based mutual authentication and key exchange followed by symmetric-key secure data exchange.

65 Citations

View as Search Results

42 Claims

1. A method of establishing communication between a first correspondent and a second correspondent, each of said correspondents having a respective identity, said first correspondent having a private key and a public key derived therefrom, said method comprising the steps of:
- a) said second correspondent obtaining said public key of said first correspondent;
  
  b) said second correspondent sending a short-lived public key and said second correspondent'"'"'s identity to said first correspondent;
  
  c) said first correspondent combining its private key with said short-lived public key and generating a pair of secret keys therefrom;
  
  d) said first correspondent using a first of said pair of secret keys to compute a first MAC on its identity, said second correspondent'"'"'s identity, a random challenge, and said short-lived public key;
  
  e) said first correspondent sending its identity, said random challenge, and said first MAC to said second correspondent, thereby requesting registration;
  
  f) said second correspondent using a short-lived private key corresponding to said short-lived public key and said first correspondent'"'"'s public key to generate said pair of secret keys;
  
  g) said second correspondent using said first of said pair of secret keys to compute a second MAC on its identity, said first correspondent'"'"'s identity, said random challenge, and said short-lived public key;
  
  h) said second correspondent verifying said first MAC using said first of said pair of secret keys;
  
  i) said second correspondent sending said second MAC to said first correspondent, thereby registering said first correspondent;
  
  j) said first correspondent verifying said second MAC using said first of said pair of secret keys;
  
  k) said correspondents each computing a pair of session keys from a second of said pair of secret keys, said short-lived public key, and said random challenge; and
  
  l) said correspondents using at least one of said session keys in a secure communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. A method according to claim 1, said first correspondent being a mobile station and said second correspondent being a base station.
  - 3. A method according to claim 2, said secure communication being a call originated by said mobile station.
  - 4. A method according to claim 2, said secure communication being a call terminating at said mobile station.
  - 5. A method according to claim 2, wherein the value used in said mobile station MAC is 2 and said base station MAC is 3.
  - 6. A method according to claim 2, said elliptic curve having a cofactor t, said short-lived public key being bP, said mobile station private key being m, and said pair of secret keys being generated from a shared secret tmbP.
  - 7. A method according to claim 2, said secure communication being a data exchange between said stations.
  - 8. A method according to claim 7, said data exchange being used for internet browsing.
  - 9. A method according to claim 7, said data exchange being used for financial transactions.
  - 10. A method according to claim 1, said second correspondent obtaining said public key from a service provider of said first correspondent.
  - 11. A method according to claim 10, said service provider obtaining said public key by a manual exchange at a distributor outlet.
  - 12. A method according to claim 11, said public key being transmitted to said service provider using a dial-up connection.
  - 13. A method according to claim 10, said service provider obtaining said public key by an exchange at manufacture time.
  - 14. A method according to claim 13, said exchange comprising the steps of a manufacturer retrieving said public key, and transmitting said public key to said service provider.
  - 15. A method according to claim 10, said service provider obtaining said public key by an over-the-air exchange.
  - 16. A method according to claim 15, said over-the-air exchange being secured using a password established between a user of said mobile station and said service provider.
  - 17. A method according to claim 15, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time.
  - 18. A method according to claim 1, said second correspondent being a service provider of said first correspondent.
  - 19. A method according to claim 1, the MACs computed in steps (d) and (h) each incorporating a value, said values being distinct from each other.
  - 20. A method according to claim 1, said private keys, said public keys, and said MACs computed using elliptic curve cryptography.

21. A base station for use in a communication system having at least one mobile station, said base station and each said at least one mobile station having a respective identity, each said at least one mobile station having a private key and a public key derived from said private key, said base station initiating communications with a respective one of said mobile stations by:
- a) obtaining said public key of said mobile station, computing a short-lived public key derived from a short-lived private key and sending said short-lived public key and its identity to said mobile station;
  
  b) receiving from said mobile station a request for registration including said mobile station'"'"'s identity, a random challenge and a first MAC, said first MAC computed on said base station'"'"'s identity, said mobile station'"'"'s identity, said random challenge and said short-lived public key using a first of a pair of secret keys, said pair of secret keys being generated by said mobile station combining its private key with said short-lived public key provided by said base station;
  
  c) using said short-lived private key and said mobile station'"'"'s public key to generate said pair of secret keys;
  
  d) using said first of said pair of secret keys to compute a second MAC on its identity, said mobile station'"'"'s identity, said random challenge and said short-lived public key;
  
  e) verifying said first MAC using said first of said pair of secret keys;
  
  f) sending said second MAC to said mobile station to thereby register said mobile station and to enable said mobile station to verify said second MAC using said first of said pair of secret keys; and
  
  g) computing a session key to secure communication with said mobile station by using a second of said pair of secret keys, said short-lived public key and said random challenge.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 22. A base station according to claim 21, wherein said base station obtains access to said public key from a service provider.
  - 23. A base station according to claim 21, wherein said base station is a service provider of said mobile station.
  - 24. A base station according to claim 23, wherein said base station obtains said public key by a manual exchange at a distributor outlet.
  - 25. A base station according to claim 23, wherein said base station receives said public key using a dial-up connection.
  - 26. A base station according to claim 23, wherein said base station obtains said public key by an exchange at manufacture time.
  - 27. A base station according to claim 26, wherein said exchange comprises the manufacturer retrieving said public key, and transmitting said public key to said base station.
  - 28. A base station according to claim 26, wherein said base station obtains said public key by an over-the-air exchange.
  - 29. A base station according to claim 28, wherein said over-the-air exchange is secured using a password established between a user of said mobile station and said base station.
  - 30. A base station according to claim 28, wherein said over-the-air-exchange is secured using a password embedded in said mobile station at manufacture time.
  - 31. A base station according to claim 21, wherein said public key, said private key, said short lived public key, and said short lived private key use elliptic curve cryptography.
  - 32. A method according to claim 31, said base station being a service provider of said mobile station.
  - 33. A method according to claim 31, said base station accessing said public key by receiving said public key from a service provider.
  - 34. A method according to claim 33, said base station obtaining said public key by a manual exchange at a distributor outlet.
  - 35. A method according to claim 33, said base station obtaining said public key by an exchange at manufacture time.
  - 36. A method according to claim 33, said base station receiving said public key using a dial-up connection.
  - 37. A method according to claim 36, said base station obtaining said public key by an over-the-air exchange.
  - 38. A method according to claim 36, said exchange comprising the manufacturer retrieving said public key, and transmitting said public key to said base station.
  - 39. A method according to claim 38, said over-the-air exchange being secured using a password established between a user of said mobile station and said base station.
  - 40. A method according to claim 38, said over-the-air-exchange being secured using a password embedded in said mobile station at manufacture time.

41. A method of establishing communications between a base station and a mobile station, said base station and said mobile station each having a respective identity, said mobile station having a private key and a public key derived from said private key, said method comprising the base station performing the steps of:
- a) obtaining said public key of said mobile station, computing a short-lived public key derived from a short-lived private key and sending said short-lived public key and its identity to said mobile station;
  
  b) receiving from said mobile station a request for registration including said mobile station'"'"'s identity, a random challenge and a first MAC, said first MAC computed on said base station'"'"'s identity, said mobile station'"'"'s identity, said random challenge and said short-lived cubic key using a first of a pair of secret keys, said pair of secret keys being generated by said mobile station combining its private key with said short-lived public key provided by said base station;
  
  c) using said short-lived private key and said mobile station'"'"'s public key to generate said pair of secret keys;
  
  d) using said first of said pair of secret keys to compute a second MAC on its identity, said mobile station'"'"'s identity, said random challenge and said short-lived public key;
  
  e) verifying said first MAC using said first of said pair of secret keys;
  
  f) sending said second MAC to said mobile station to thereby register said mobile station and to enable said mobile station to verify said second MAC using said first of said pair of secret keys;
  
  g) computing a session key using a second of said pair of secret keys, said short-lived public key and said random challenge; and
  
  h) using said session key to secure communication with said mobile station.

42. A method for authenticating a first correspondent and a second correspondent in a communication system, wherein the first correspondent has a private key and public key pair, said method comprising the steps of:
- a) said second correspondent transmitting a short term public key along with an identifier to said first correspondent;
  
  b) said first correspondent combining its private key with the second correspondent'"'"'s short term public key and generating a pair of shared secret keys;
  
  c) the correspondents using the first of said pair of shared secret keys for mutual authentication between said first and second correspondent;
  
  d) the correspondents using the second shared secret key of said pair of shared secret keys for establishing a secret session key;
  
  e) the correspondents using said secret session key to provide confidentiality for authenticated communications in the communication system;
  
  said mutual authentication characterised in that the first correspondent authenticates itself to the second correspondent using its private key, and the second correspondent authenticates itself to the first correspondent using the first correspondent'"'"'s public key obtained by said second correspondent from a trusted correspondent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Blake-Wilson, Simon, Panjwani, Prakash
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US09/871,672
Publication Number

US 20020018569A1
Time in Patent Office

1,961 Days
Field of Search

380/270, 380/255, 380/259, 713/171, 713/168, 713/182, 455/411
US Class Current

380/270
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0869   for achieving mutual authen...

H04W 12/041   Key generation or derivation

H04W 12/0471   Key exchange

H04W 12/069   using certificates or pre-s...

Enhanced subscriber authentication protocol

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced subscriber authentication protocol

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links