Dynamic security authentication for wireless communication networks

US 7,233,664 B2
Filed: 05/30/2003
Issued: 06/19/2007
Est. Priority Date: 03/13/2003
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method of providing secure authentication between wireless communication network nodes, the method comprising:

providing a node identifier comprising an address and an initial authentication key;

installing the node identifier at a first network node;

storing the node identifier at a second network node;

sending node identifier information from a first network node to a second network node; and

synchronously regenerating an authentication key at two network nodes based upon node identifier information.

View all claims

4 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

In a first embodiment, a dynamic computer system security method and system using dynamic encryption and full synchronization between system nodes. A data record created by a source user is encrypted with an initial dynamic session key. A new dynamic session key is generated based upon a data record and a previous dynamic session key. A central authority is used to synchronize and authenticate both source and destination users with constantly regenerated dynamic authentication keys. In a second embodiment, a method of providing dynamic security authentication between wireless communication network nodes. An initial authentication key and an address are assigned to certain of the nodes. The address along with information encrypted by the initial authentication key is sent to an authentication server. The authentication server and node or nodes synchronously regenerate authentication keys based upon the initial authentication key. Secure handovers occur between nodes via an authentication key.

46 Citations

View as Search Results

26 Claims

1. A method of providing secure authentication between wireless communication network nodes, the method comprising:
- providing a node identifier comprising an address and an initial authentication key;
  
  installing the node identifier at a first network node;
  
  storing the node identifier at a second network node;
  
  sending node identifier information from a first network node to a second network node; and
  
  synchronously regenerating an authentication key at two network nodes based upon node identifier information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1 wherein the step of sending node identifier information from a first network node to a second network node comprises comparing the sent node identifier information to the stored node identifier at a second network node.
  - 3. The method of claim 2 wherein the step of comparing the sent node identifier information to the stored node identifier comprises comparing the sent node identifier address to the stored node identifier and determining an associated authentication key.
  - 4. The method of claim 1 wherein the step of sending node identifier information from a first network node to a second network node comprises:
    - encrypting the node identifier address with the initial authentication key; and
      
      sending the node identifier address and encrypted node identifier address to a second network node.
  - 5. The method of claim 4 wherein the step of sending node identifier information from a first network node to a second network node further comprises comparing the sent node identifier address to the stored node identifier at a second network node and determining an associated authentication key.
  - 6. The method of claim 5 wherein the step of sending node identifier information from a first network node to a second network node further comprises decrypting a node identifier address with the associated authentication key at a second network node.
  - 7. The method of claim 6 wherein the step of sending node identifier information from a first network node to a second network node further comprises comparing the decrypted node identifier address to the sent node identifier address.
  - 8. The method of claim 7 wherein the step of sending node identifier information from a first network node to a second network node further comprises:
    - encrypting a function of the node identifier address with the associated initial authentication key at a second network node; and
      
      sending the encrypted function to a first network node.
  - 9. The method of claim 8 wherein the step of sending node identifier information from a first network node to a second network node further comprises:
    - decrypting the encrypted function with an initial authentication key at a first network node; and
      
      comparing the decrypted function to the function.
  - 10. The method of claim 1 wherein the step of synchronously regenerating an authentication key at two network nodes based upon node identifier information comprises synchronously regenerating an authentication key at two network nodes based upon an initial authentication key.
  - 11. The method of claim 1 wherein the step of synchronously regenerating an authentication key at two network nodes based upon node identifier information comprises maintaining a number regeneration counter.
  - 12. The method of claim 1 wherein the step of synchronously regenerating an authentication key at two network nodes based upon node identifier information comprises buffering an authentication key.
  - 13. The method of claim 1 wherein the step of synchronously regenerating an authentication key at two network nodes based upon node identifier information comprises:
    - maintaining a number regeneration counter; and
      
      buffering an authentication key and number regeneration count every Δ
      
      t.
  - 14. The method of claim 1 wherein the step of sending node identifier information from a first network node to a second network node comprises:
    - generating a nonce;
      
      encrypting the nonce with the authentication key; and
      
      sending the node identifier address, nonce and encrypted nonce from a first network node to a second network node.
  - 15. The method of claim 14 further comprising the step of forwarding the node identifier address, nonce and encrypted nonce from a second network node to a third network node.
  - 16. The method of claim 15 wherein the step of forwarding the node identifier address, nonce and encrypted nonce from a second network node to a third network node further comprises comparing the sent node identifier address to a stored node identifier at a third network node and determining an associated authentication key.
  - 17. The method of claim 16 wherein the step of forwarding the node identifier address, nonce and encrypted nonce from a second network node to a third network node further comprises decrypting the encrypted nonce with the associated authentication key at a third network node.
  - 18. The method of claim 17 wherein the step of forwarding the node identifier address, nonce and encrypted nonce from a second network node to a third network node further comprises comparing the decrypted nonce to the sent nonce.
  - 19. The method of claim 18 further comprising the steps of:
    - encrypting an authentication key and a number regeneration count with an authentication key of a second node; and
      
      sending the encrypted authentication key and number regeneration count from a third to a second network node.
  - 20. The method of claim 19 further comprising the steps of:
    - encrypting a function of a nonce with an authentication key of a first network node; and
      
      sending the encrypted function from a second network node to a first network node.
  - 21. The method of claim 20 further comprising the steps of:
    - decrypting the encrypted function with an authentication key at a first network node; and
      
      comparing the decrypted function to the function.
  - 22. The method of claim 13 further comprising the steps of:
    - sending a handover request with a buffered authentication key from a first network node to a second network node;
      
      deassociating the first network node with the second network node;
      
      connecting a first network node to a third network node; and
      
      regenerating an authentication key at the third network node based upon the buffered authentication key.
  - 23. The method of claim 13 further comprising the steps of:
    - establishing a connection between a first network node and a second network node;
      
      roaming for a third network node;
      
      determining whether the first network node was connected to the third network node within a previous time period Δ
      
      t;
      
      sending a handover request with a buffered authentication key including third network node information from the first network node to the second network node;
      
      sending a buffered authentication key and number regeneration count of the first network node to the third network node;
      
      connecting a first network node to a third network node; and
      
      regenerating an authentication key at the first and third network nodes based upon the buffered authentication key.
  - 24. The method of claim 1 further comprising the step of maintaining a number regeneration counter associated with regeneration of authentication keys.
  - 25. The method of claim 24 further comprising the step of buffering an authentication key and associated number regeneration count.

26. A network for providing secure authentication between wireless communication network nodes, the network comprising:
- a first network node;
  
  a node identifier comprising an address and an initial authentication key, said node identifier associated with said first network node;
  
  a second network node, said second network node comprising means for storing said node identifier;
  
  a communication channel between said first and second network nodes; and
  
  means for synchronously regenerating an authentication key at said first and second network nodes based upon said node identifier.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Encryptawave Technologies LLC (Inferential Capital LLC)
Original Assignee
New Mexico Technical Research Foundation
Inventors
Soliman, Hamdy
Primary Examiner(s)
Song; Hosuk

Application Number

US10/448,989
Publication Number

US 20040179690A1
Time in Patent Office

1,481 Days
Field of Search

380/270, 380/274, 380/277, 380/44, 713168-170, 726 2- 3
US Class Current

380/44
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/083   involving central third par...

H04L 9/12   Transmitting and receiving ...

H04L 9/16   the keys or algorithms bein...

H04L 9/3273   for mutual authentication n...

Dynamic security authentication for wireless communication networks

First Claim

4 Assignments

Litigations

0 Petitions

Accused Products

Abstract

46 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic security authentication for wireless communication networks

First Claim

4 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links