Method and software program product for mutual authentication in a communications network

US 7,231,203 B2
Filed: 03/05/2004
Issued: 06/12/2007
Est. Priority Date: 03/06/2003
Status: Active Grant

First Claim

Patent Images

1. A method for a mutual authentication between a user and a communications network, said user being provided with a terminal to which a subscriber identity module is operatively coupled, said subscriber identity module storing at least one identifier and a first copy of a unique key associated to said user, said network including an authentication sub-system comprising at least a first authentication apparatus storing a second copy of said unique key associated to said user identifier, comprising:

sending said user identifier from said subscriber identity module to said terminal;

generating, a first number at said terminal;

sending said identifier and at least a portion of said first number from said terminal to said authentication sub-system through an access point of said network;

at said authentication sub-system, identifying said second copy of said unique key using said identifier, generating at least a second number and challenging said second number with said second copy of said unique key, so as to generate at least a first session key and at least a first signed response;

at said authentication sub-system, forming, according to a first rule, a second session key using at least said first session key, and encrypting at least said first number portion using said second session key;

sending at least said encrypted first number portion and said second number from said authentication sub-system to said terminal;

forwarding said second number from said terminal to said subscriber identity module and challenging, at said subscriber identity module said second number with said first copy of said unique key, so as to generate at least a third session key and at least a second signed response;

sending said third session key and said second signed response from said subscriber identity module to said terminal;

at said terminal, forming a fourth session key, according to a second rule corresponding to said first rule, using at least said third session key, and decrypting said first number portion received from said authentication sub-system using said fourth session key;

checking, at said terminal, a matching between said decrypted first number portion with a corresponding portion of said generated first number, so as to allow communications from said network to said terminal;

sending at least said second signed response from said terminal to said authentication sub-system; and

at said authentication sub-system, checking a matching between said first signed response and said second signed response, so as to allow communications from said terminal to said network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for mutual authentication between a subscriber and a communications network, in which a random number is generated at the subscriber'"'"'s terminal. The random number is sent to the authentication sub-system managing the authentication of the subscriber for the access to the network, e.g., together with a subscriber'"'"'s identifier. At the authentication sub-system, the identifier is used for checking the credentials of the subscriber. During the authentication process, parameters related to the subscriber'"'"'s identifier are generated at the authentication sub-system, and the random number is encrypted using a session key formed using such parameters. The encrypted random number is then sent back to the subscriber'"'"'s terminal, together with information needed to terminal in order to reconstruct the session key. After having reconstructed the session key, the subscriber'"'"'s terminal decrypts the random number and checks matching with its generated random number. The matching between the two numbers allows the verification, by the subscriber, that the access point to which he/she is connecting is not a fake access point.

28 Citations

View as Search Results

27 Claims

1. A method for a mutual authentication between a user and a communications network, said user being provided with a terminal to which a subscriber identity module is operatively coupled, said subscriber identity module storing at least one identifier and a first copy of a unique key associated to said user, said network including an authentication sub-system comprising at least a first authentication apparatus storing a second copy of said unique key associated to said user identifier, comprising:
- sending said user identifier from said subscriber identity module to said terminal;
  
  generating, a first number at said terminal;
  
  sending said identifier and at least a portion of said first number from said terminal to said authentication sub-system through an access point of said network;
  
  at said authentication sub-system, identifying said second copy of said unique key using said identifier, generating at least a second number and challenging said second number with said second copy of said unique key, so as to generate at least a first session key and at least a first signed response;
  
  at said authentication sub-system, forming, according to a first rule, a second session key using at least said first session key, and encrypting at least said first number portion using said second session key;
  
  sending at least said encrypted first number portion and said second number from said authentication sub-system to said terminal;
  
  forwarding said second number from said terminal to said subscriber identity module and challenging, at said subscriber identity module said second number with said first copy of said unique key, so as to generate at least a third session key and at least a second signed response;
  
  sending said third session key and said second signed response from said subscriber identity module to said terminal;
  
  at said terminal, forming a fourth session key, according to a second rule corresponding to said first rule, using at least said third session key, and decrypting said first number portion received from said authentication sub-system using said fourth session key;
  
  checking, at said terminal, a matching between said decrypted first number portion with a corresponding portion of said generated first number, so as to allow communications from said network to said terminal;
  
  sending at least said second signed response from said terminal to said authentication sub-system; and
  
  at said authentication sub-system, checking a matching between said first signed response and said second signed response, so as to allow communications from said terminal to said network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, further comprising encrypting said identifier and said first number portion at said terminal before the step of sending from said terminal to said authentication sub-system, said encryption being performed with a predetermined public key, stored on said terminal.
  - 3. The method according to claim 2, further comprising decrypting said identifier and said first number portion at said authentication sub-system, said decryption being performed with a private key related to said predetermined public key.
  - 4. The method according to claim 1, wherein said first rule for forming said second session key comprises concatenating said first session key and said first signed response.
  - 5. The method according to claim 4, wherein said second rule for forming said fourth session key comprises concatenating said third session key and said second signed response.
  - 6. The method according to claim 1, wherein said step of encrypting, at said authentication sub-system at least said first number portion using said second session key comprises encrypting also a transaction identifier generated at said authentication sub-system.
  - 7. The method according to claim 6, wherein said step of decrypting, at said terminal said first number portion received from said authentication sub-system using said fourth session key also comprises decrypting said transaction identifier.
  - 8. The method according to claim 7, further comprising sending said decrypted transaction identifier from said terminal to said authentication sub-system.
  - 9. The method according to claim 1 further comprising generating, at said authentication sub-system, at least a third number and challenging said third number with said second copy of said unique key, so as to generate at least a fifth session key and at least a third signed response.
  - 10. The method according to claim 9, wherein said first rule for forming said second session key comprises concatenating at least one among said first session key and said first signed response with at least one among said fifth session key and said third signed response.
  - 11. The method according to claim 9, wherein said step of sending at least said encrypted first number portion and said second number from said authentication sub-system to said terminal further comprises sending said third number to said terminal.
  - 12. The method according to claim 11, further comprising challenging, at said subscriber identity module, said third number with said first copy of said unique key, so as to generate at least a sixth session key and at least a fourth signed response.
  - 13. The method according to claim 12, wherein said second rule for forming said fourth session key comprises concatenating at least one among said third session key and said second signed response with at least one among said sixth session key and said fourth signed response.

14. A method for allowing a user to verify a trust of a communications network, the user being provided with a terminal to which a subscriber identity module is operatively coupled, said subscriber identity module storing at least one identifier and at least one unique key associated to said user, said network including an authentication sub-system, said method comprising, at said terminal:
- receiving said user identifier from said subscriber identity module;
  
  generating a first numbersending said identifier and at least a portion of said first number to said authentication sub-system through an access point of said network;
  
  receiving from said authentication sub-system through said access point, an encrypted number and at least a second number generated at said authentication sub-system;
  
  forwarding said second number to said subscriber identity module;
  
  receiving, from said subscriber identity module at least a first session key and a first signed response, obtained at said subscriber identity module from a challenge on said second number with said unique key;
  
  generating a second session key using at least one among said first session key and said first signed response, according to a predetermined rule;
  
  decrypting said encrypted number received from said authentication sub-system using said second session key; and
  
  checking a matching between said portion of said first number with a corresponding first portion of said decrypted number, so as to allow trust verification of said network.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method according to claim 14, further comprising encrypting said identifier and said first number portion at said terminal before said step of sending from said terminal to said authentication sub-system, said encryption being performed with a predetermined public key stored on said terminal.
  - 16. The method according to claim 15, wherein said predetermined rule for forming said second session key comprises concatenating said first session key and said first signed response.
  - 17. The method according to claim 14, further comprising sending said first signed response to said authentication sub-system.
  - 18. The method according to claim 17, further comprising sending a second portion of said decrypted number to said authentication sub-system.
  - 19. The method according to claim 14 further comprising receiving, from said authentication sub-system, at least a third number generated at said authentication sub-system.
  - 20. The method according to claim 19, further comprising forwarding said third number to said subscriber identity module.
  - 21. The method according to claim 20, further comprising receiving, from said subscriber identity module at least a third session key and a second signed response, obtained at said subscriber identity module from a challenge on said third number with said unique key.
  - 22. The method according to claim 21, wherein said predetermined rule for forming said second session key comprises concatenating at least one among said first session key and said first signed response with at least one among said third session key and said second signed response.

23. A computer-readable medium storing instructions for executing a software program loadable into a memory of a computer, said software program comprising software code portions for performing a method for allowing a user to verify a trust of a communications network, the user being provided with a terminal to which a subscriber identity module is operatively coupled, said subscriber identity module storing at least one identifier and at least one unique key associated to said user, said network including an authentication sub-system, said method comprising:
- receiving said user identifier from said subscriber identity module;
  
  generating a first number;
  
  sending said identifier and at least a portion of said first number to said authentication sub-system through an access point of said network;
  
  receiving from said authentication sub-system through said access point, an encrypted number and at least a second number generated at said authentication sub-system;
  
  forwarding said second number to said subscriber identity module;
  
  receiving, from said subscriber identity module at least a first session key and a first signed response, obtained at said subscriber identity module from a challenge on said second number with said unique key;
  
  generating a second session key using at least one among said first session key and said first signed response, according to a predetermined rule;
  
  decrypting said encrypted number received from said authentication sub-system using said second session key; and
  
  checking a matching between said portion of said first number with a corresponding first portion of said decrypted number, so as to allow trust verification of said network.
- View Dependent Claims (24, 25, 26)
- - 24. The computer-readable medium according to claim 23, wherein the software program is made accessible from a memory of a user'"'"'s terminal.
  - 25. The computer-readable medium according to claim 23, wherein the software program is included in an authentication kit for authenticating a user'"'"'s terminal in a communications network.
  - 26. The computer-readable medium according to claim 25, wherein said authentication kit further comprises a subscriber identity module of a type adopted in mobile communication networks for authenticating mobile communication terminals.

27. A method for allowing a user to verify a trust of a communications network, the user being provided with a terminal, with an identifier and with a shared secret, said network including an authentication sub-system storing said user'"'"'s identifier associated to a copy of said shared secret, said method comprising, under control of said terminal:
- generating a first number;
  
  sending said user'"'"'s identifier and at least a portion of said first number to said authentication sub-system through an access point of said network;
  
  receiving from said authentication sub-system through said access point, an encrypted number, said encrypted number being encrypted with a session key generated at said authentication sub-system based on said copy of said shared secret and on a second number generated at said authentication sub-system;
  
  receiving said second number from said authentication sub-system through said access point;
  
  processing said second number and said shared secret so as to obtain a copy of said session key;
  
  decrypting said encrypted number received from said authentication sub-system using said copy of said session key; and
  
  checking a matching between said portion of said first number with a corresponding portion of said decrypted number, so as to allow trust verification of said network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tim Italia Spa (Telecom Italia S.p.A.)
Original Assignee
Tim Italia Spa (Telecom Italia S.p.A.)
Inventors
Marcelli, Maurizio
Primary Examiner(s)
Feild; Joseph
Assistant Examiner(s)
Nguyen; David Q.

Application Number

US10/548,221
Publication Number

US 20060189298A1
Time in Patent Office

1,194 Days
Field of Search

455/411, 455/433, 455/410, 455/435, 380/247, 380/211
US Class Current

455/411
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04W 12/068   using credential vaults, e....

H04W 12/122   Counter-measures against at...

H04W 80/00   Wireless network protocols ...

Method and software program product for mutual authentication in a communications network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Method and software program product for mutual authentication in a communications network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others