Enhanced subscriber authentication protocol
First Claim
1. A method of establishing communication between a first correspondent and a second correspondent, each of said correspondents having a respective identity, said first correspondent having a private key and a public key derived therefrom, said method comprising the steps of:
a) said second correspondent obtaining said public key of said first correspondent;
b) said second correspondent sending a short-lived public key and said second correspondent's identity to said first correspondent;
c) said first correspondent combining its private key with said short-lived public key and generating a pair of secret keys therefrom;
d) said first correspondent using a first of said pair of secret keys to compute a first MAC on its identity, said second correspondent's identity, a random challenge, and said short-lived public key;
e) said first correspondent sending its identity, said random challenge, and said first MAC to said second correspondent, thereby requesting registration;
f) said second correspondent using a short-lived private key corresponding to said short-lived public key and said first correspondent's public key to generate said pair of secret keys;
g) said second correspondent using said first of said pair of secret keys to compute a second MAC on its identity, said first correspondent's identity, said random challenge, and said short-lived public key;
h) said second correspondent verifying said first MAC using said first of said pair of secret keys;
i) said second correspondent sending said second MAC to said first correspondent, thereby registering said first correspondent;
j) said first correspondent verifying said second MAC using said first of said pair of secret keys;
k) said correspondents each computing a pair of session keys from a second of said pair of secret keys, said short-lived public key, and said random challenge; and
l) said correspondents using at least one of said session keys in a secure communication.
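The message flow of steps a) to k) as a runnable sketch, added here as an illustration and not taken from the patent. The claims do not fix a group, key-derivation function, MAC or encoding, so the toy Diffie-Hellman group, HMAC-SHA256, the length-prefixed field encoding and all names below are assumptions.

```python
import hashlib, hmac, secrets

# Assumptions, not from the claims: toy DH group, HMAC-SHA256 as MAC and KDF.
P, G = 2**255 - 19, 2          # demonstration-size prime, not a production group

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def i2b(n):
    return n.to_bytes(32, "big")

def enc(*fields):
    # Length-prefix each field so concatenated MAC inputs cannot be re-split.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def prf(key, *fields):
    return hmac.new(key, enc(*fields), hashlib.sha256).digest()

def secret_pair(priv, peer_pub):
    # Steps c) and f): combine own private key with the peer's public key,
    # then split the shared value into k1 (authentication) and k2 (session).
    z = i2b(pow(peer_pub, priv, P))
    return prf(z, b"auth"), prf(z, b"session")

def mac(k1, own_id, peer_id, chal, eph_pub):
    # Steps d) and g): the sender's identity comes first, so MAC1 != MAC2.
    return prf(k1, own_id, peer_id, chal, i2b(eph_pub))

def session_keys(k2, eph_pub, chal):
    # Step k): a pair of session keys from k2, short-lived public key, challenge.
    return prf(k2, b"enc", i2b(eph_pub), chal), prf(k2, b"int", i2b(eph_pub), chal)

def run(id_m=b"mobile-01", id_b=b"base-A", tamper=False):
    m_priv, m_pub = keypair()                  # a) B obtains M's public key
    e_priv, e_pub = keypair()                  # b) B -> M: e_pub, id_b
    k1_m, k2_m = secret_pair(m_priv, e_pub)    # c)
    chal_m = secrets.token_bytes(16)
    mac1 = mac(k1_m, id_m, id_b, chal_m, e_pub)             # d)
    chal_b = chal_m                            # e) M -> B: id_m, challenge, mac1
    if tamper:                                 # constructed fault: challenge altered in transit
        chal_b = bytes([chal_m[0] ^ 1]) + chal_m[1:]
    k1_b, k2_b = secret_pair(e_priv, m_pub)    # f)
    if not hmac.compare_digest(mac1, mac(k1_b, id_m, id_b, chal_b, e_pub)):   # h)
        return None
    mac2 = mac(k1_b, id_b, id_m, chal_b, e_pub)             # g), i) B -> M: mac2
    if not hmac.compare_digest(mac2, mac(k1_m, id_b, id_m, chal_m, e_pub)):   # j)
        return None
    return session_keys(k2_m, e_pub, chal_m), session_keys(k2_b, e_pub, chal_b)  # k)
```

`run()` returns the session-key pair computed independently by each side, and `run(tamper=True)` returns `None` because the second correspondent rejects the first MAC.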
Abstract
The present invention provides a method of authenticating a pair of correspondents in a communication system, such as a mobile phone network, by utilizing a blend of public-key cryptography and symmetric cryptography. Each session between the mobile phone and the network consists of public-key based mutual authentication and key exchange followed by symmetric-key secure data exchange.
42 Claims
21. A base station for use in a communication system having at least one mobile station, said base station and each said at least one mobile station having a respective identity, each said at least one mobile station having a private key and a public key derived from said private key, said base station initiating communications with a respective one of said mobile stations by:
a) obtaining said public key of said mobile station, computing a short-lived public key derived from a short-lived private key and sending said short-lived public key and its identity to said mobile station;
b) receiving from said mobile station a request for registration including said mobile station's identity, a random challenge and a first MAC, said first MAC computed on said base station's identity, said mobile station's identity, said random challenge and said short-lived public key using a first of a pair of secret keys, said pair of secret keys being generated by said mobile station combining its private key with said short-lived public key provided by said base station;
c) using said short-lived private key and said mobile station's public key to generate said pair of secret keys;
d) using said first of said pair of secret keys to compute a second MAC on its identity, said mobile station's identity, said random challenge and said short-lived public key;
e) verifying said first MAC using said first of said pair of secret keys;
f) sending said second MAC to said mobile station to thereby register said mobile station and to enable said mobile station to verify said second MAC using said first of said pair of secret keys; and
g) computing a session key to secure communication with said mobile station by using a second of said pair of secret keys, said short-lived public key and said random challenge.
41. A method of establishing communications between a base station and a mobile station, said base station and said mobile station each having a respective identity, said mobile station having a private key and a public key derived from said private key, said method comprising the base station performing the steps of:
a) obtaining said public key of said mobile station, computing a short-lived public key derived from a short-lived private key and sending said short-lived public key and its identity to said mobile station;
b) receiving from said mobile station a request for registration including said mobile station's identity, a random challenge and a first MAC, said first MAC computed on said base station's identity, said mobile station's identity, said random challenge and said short-lived public key using a first of a pair of secret keys, said pair of secret keys being generated by said mobile station combining its private key with said short-lived public key provided by said base station;
c) using said short-lived private key and said mobile station's public key to generate said pair of secret keys;
d) using said first of said pair of secret keys to compute a second MAC on its identity, said mobile station's identity, said random challenge and said short-lived public key;
e) verifying said first MAC using said first of said pair of secret keys;
f) sending said second MAC to said mobile station to thereby register said mobile station and to enable said mobile station to verify said second MAC using said first of said pair of secret keys;
g) computing a session key using a second of said pair of secret keys, said short-lived public key and said random challenge; and
h) using said session key to secure communication with said mobile station.
42. A method for authenticating a first correspondent and a second correspondent in a communication system, wherein the first correspondent has a private key and public key pair, said method comprising the steps of:
a) said second correspondent transmitting a short term public key along with an identifier to said first correspondent;
b) said first correspondent combining its private key with the second correspondent's short term public key and generating a pair of shared secret keys;
c) the correspondents using the first of said pair of shared secret keys for mutual authentication between said first and second correspondent;
d) the correspondents using the second shared secret key of said pair of shared secret keys for establishing a secret session key;
e) the correspondents using said secret session key to provide confidentiality for authenticated communications in the communication system;
said mutual authentication characterised in that the first correspondent authenticates itself to the second correspondent using its private key, and the second correspondent authenticates itself to the first correspondent using the first correspondent's public key obtained by said second correspondent from a trusted correspondent.
Specification