Terminal identity masking in a wireless network

US 7,302,565 B2
Filed: 06/24/2003
Issued: 11/27/2007
Est. Priority Date: 06/24/2003
Status: Active Grant

First Claim

Patent Images

1. A method performed by a user terminal of a wireless access network, the method comprising:

scrambling a user terminal certificate using a first portion of a shared secret to be known only by the user terminal and an access point of the wireless access network, the scrambled user terminal certificate including a user terminal public key which corresponds to a user terminal private key;

disqualifying the first portion of the shared secret from use with symmetric key cryptography between the user terminal and the access point;

generating an authenticator string including data encrypted with the user terminal private key; and

sending a message to the access point, the message including the scrambled user terminal certificate and the authenticator string.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The certificate issued by a certificate authority used in authenticating a user terminal can be scrambled prior to being set to an access point. In one embodiment, the present invention includes a user terminal having a memory in which a user terminal certificate is stored. The user terminal also has a processor coupled to the memory to scramble the user terminal certificate using a shared secret to be known only by the user terminal and an access point of the wireless access network, and a transmitter coupled to the processor to send a message to the access point, the message including the scrambled user terminal certificate.

43 Citations

View as Search Results

33 Claims

1. A method performed by a user terminal of a wireless access network, the method comprising:
- scrambling a user terminal certificate using a first portion of a shared secret to be known only by the user terminal and an access point of the wireless access network, the scrambled user terminal certificate including a user terminal public key which corresponds to a user terminal private key;
  
  disqualifying the first portion of the shared secret from use with symmetric key cryptography between the user terminal and the access point;
  
  generating an authenticator string including data encrypted with the user terminal private key; and
  
  sending a message to the access point, the message including the scrambled user terminal certificate and the authenticator string.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising generating the shared secret and providing the shared secret to the access point.
  - 3. The method of claim 2, wherein providing the shared secret to the access point comprises encrypting the shared secret with an access point public key.
  - 4. The method of claim 1, wherein scrambling the user terminal certificate using the first portion of the shared secret comprises combining the user terminal certificate with a pseudo-random sequence generated by a linear feedback shift register initialized with the first portion of the shared secret.
  - 5. The method of claim 1, wherein the remaining portion of the shared secret is used for symmetric key cryptography between the user terminal and the access point.

6. A user terminal comprising:
- a memory to store a user terminal private key and a user terminal certificate, the user terminal certificate including a user terminal public key which corresponds to the user terminal private key;
  
  a processor coupled to the memory to scramble the user terminal certificate using a first portion of a shared secret to be known only by the user terminal and an access point of a wireless access network and to generate an authenticator string including data encrypted with the user terminal private key, wherein the first portion of the shared secret to be disqualified from use with symmetric key cryptography between the user terminal and the access point; and
  
  a transmitter coupled to the processor to send a message to the access point, the message including the scrambled user terminal certificate and the authenticator string.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The user terminal of claim 6, wherein the processor also generates the shared secret and the transmitter also provides the shared secret to the access point.
  - 8. The user terminal of claim 7, wherein the transmitter provides the shared secret to the access point by encrypting the shared secret with an access point public key.
  - 9. The user terminal of claim 6, wherein the processor scrambles the user terminal certificate using the first portion of the shared secret by combining the user terminal certificate with a pseudo-random sequence generated by a linear feedback shift register initialized with the first portion of the shared secret.
  - 10. The user terminal of claim 6, wherein the remaining portion of the shared secret to be used for symmetric key cryptography between the user terminal and the access point.

11. A method performed by an access point of a wireless access network, the method comprising:
- receiving a message from a user terminal of the wireless access network, the message containing a shared secret encrypted with an access point public key, an authenticator string including data encrypted with a user terminal private key, and a user terminal certificate scrambled using the shared secret, the scrambled user terminal certificate including a user terminal public key which corresponds to the user terminal private key;
  
  decrypting the shared secret using an access point private key;
  
  unscrambling the user terminal certificate using a first portion of the decrypted shared secret;
  
  disqualifying the first portion of the decrypted shared secret from use with symmetric key cryptography between the user terminal and the access point; and
  
  decrypting the authenticator string using the user terminal public key.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein unscrambling the user terminal certificate using the first portion of the decrypted shared secret comprises combining the scrambled user terminal certificate with a pseudo-random sequence generated by a linear feedback shift register initialized with the first portion of the decrypted shared secret.
  - 13. The method of claim 11, wherein the remaining portion of the shared secret is used for symmetric key cryptography between the user terminal and the access point.

14. An access point comprising:
- a receiver to receive a message from a user terminal, the message containing a shared secret encrypted with an access point public key, an authenticator string including data encrypted with a user terminal private key, and a user terminal certificate scrambled using the shared secret, the user terminal certificate including a user terminal public key which corresponds to the user terminal private key; and
  
  a processor coupled to the receiver to decrypt the shared secret using an access point private key, unscramble the user terminal certificate using a first portion of the decrypted shared secret, and decrypt the authenticator string using the user terminal public key, wherein the first portion of the decrypted shared secret to be disqualified from use with symmetric key cryptography between the user terminal and the access point.
- View Dependent Claims (15, 16)
- - 15. The access point of claim 14, wherein the processor unscrambles the user terminal certificate using the first portion of the shared secret by combining the scrambled user terminal certificate with a pseudo-random sequence generated by a linear feedback shift register initialized with the first portion of the decrypted shared secret.
  - 16. The access point of claim 14, wherein the remaining portion of the shared secret is used for symmetric key cryptography between the user terminal and the access point.

17. A machine-readable medium storing data representing instructions that, when performed by a processor of a user terminal, causes the processor to perform operations comprising:
- scrambling a user terminal certificate using a first portion of a shared secret to be known only by the user terminal and an access point of a wireless access network, the scrambled user terminal certificate including a user terminal public key which corresponds to a user terminal private key;
  
  disqualifying the first portion of the shared secret from use with symmetric key cryptography between the user terminal and the access point;
  
  generating an authenticator string including data encrypted with the user terminal private key; and
  
  sending a message to the access point, the message including the scrambled user terminal certificate and the authenticator string.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The machine-readable medium of claim 17, wherein the instructions further cause the processor to perform operations comprising generating the shared secret and providing the shared secret to the access point.
  - 19. The machine-readable medium of claim 18, wherein providing the shared secret to the access point comprises encrypting the shared secret with an access point public key.
  - 20. The machine-readable medium of claim 17, wherein scrambling the user terminal certificate using the first portion of the shared secret comprises combining the user terminal certificate with a pseudo-random sequence generated by a linear feedback shift register initialized with the first portion of the shared secret.
  - 21. The machine-readable medium of claim 17, wherein the remaining portion of the shared secret is used for symmetric key cryptography between the user terminal and the access point.

22. A machine-readable medium storing data representing instructions that, when performed by a processor of an access point, causes the processor to perform operations comprising:
- receiving a message from a user terminal of a wireless access network, the message containing a shared secret encrypted with an access point public key, an authenticator string including data encrypted with a user terminal private key, and a user terminal certificate scrambled using a first portion of the shared secret, the scrambled user terminal certificate including a user terminal public key which corresponds to a user terminal private key;
  
  decrypting the shared secret using an access point private key;
  
  unscrambling the user terminal certificate using the first portion of the decrypted shared secret;
  
  disqualifying the first portion of the decrypted shared secret from use with symmetric key cryptography between the user terminal and the access point; and
  
  decrypting the authenticator string using the user terminal public key.
- View Dependent Claims (23, 24)
- - 23. The machine-readable medium of claim 22, wherein unscrambling the user terminal certificate using the first portion of the decrypted shared secret comprises combining the scrambled user terminal certificate with a pseudo-random sequence generated by a linear feedback shift register initialized with the first portion of the decrypted shared secret.
  - 24. The machine-readable medium of claim 22, wherein the remaining portion of the decrypted shared secret is used for symmetric key cryptography between the user terminal and the access point.

25. An apparatus comprising:
- a memory to store a certificate;
  
  a processor coupled to the memory to scramble the certificate using a first portion of a shared secret to be known only by the apparatus and an access point of a wireless access network, wherein the first portion of the shared secret to be disqualified from use with symmetric key cryptography with the access point; and
  
  a transmitter coupled to the processor to send a message to the access point, the message including the scrambled certificate.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The apparatus of claim 25, wherein the processor also generates the shared secret and the transmitter also provides the shared secret to the access point.
  - 27. The apparatus of claim 26, wherein the transmitter provides the shared secret to the access point by encrypting the shared secret with an access point public key.
  - 28. The apparatus of claim 25, wherein the processor scrambles the certificate using the first portion of the shared secret by combining the certificate with a pseudo-random sequence generated by a linear feedback shift register initialized with the first portion of the shared secret.
  - 29. The apparatus of claim 25, wherein a second portion of the shared secret to be used for symmetric key cryptography with the access point.

30. An access point comprising:
- a receiver to receive a message, the message comprising a shared secret encrypted with an access point public key and a certificate scrambled using the shared secret; and
  
  a processor coupled to the receiver to decrypt the shared secret using an access point private key, and unscramble the certificate using a first portion of the decrypted shared secret, wherein the first portion of the decrypted shared secret to be disqualified from use with symmetric key cryptography with the access point.
- View Dependent Claims (31, 32, 33)
- - 31. The access point of claim 30, wherein the processor unscrambles the certificate using the first portion of the shared secret by combining the scrambled certificate with a pseudo-random sequence generated by a linear feedback shift register initialized with the first portion of the decrypted shared secret.
  - 32. The access point of claim 30, wherein a second portion of the shared secret is used for symmetric key cryptography with the access point.
  - 33. The access point of claim 30, wherein the certificate includes an identification of a sending apparatus and a sending apparatus public key which corresponds to a sending apparatus private key, wherein the access point authenticates the sending apparatus by checking the certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
ArrayComm LLC (Ygomi LLC)
Inventors
Meandzija, Branislav N., Dogan, Mithat Can, Goldburg, Marc C.
Primary Examiner(s)
ARANI, TAGHI T

Application Number

US10/603,562
Publication Number

US 20050005095A1
Time in Patent Office

1,617 Days
Field of Search

713/156, 380/270, 380/268
US Class Current

713/155
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0407   wherein the identity of one...

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/0662   with particular pseudorando...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3263   involving certificates, e.g...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 92/10   between terminal device and...

Terminal identity masking in a wireless network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Terminal identity masking in a wireless network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links