Terminal identity masking in a wireless network
2 Assignments
0 Petitions
Abstract
The certificate issued by a certificate authority and used in authenticating a user terminal can be scrambled prior to being sent to an access point. In one embodiment, the present invention includes a user terminal having a memory in which a user terminal certificate is stored. The user terminal also has a processor coupled to the memory to scramble the user terminal certificate using a shared secret to be known only by the user terminal and an access point of the wireless access network, and a transmitter coupled to the processor to send a message to the access point, the message including the scrambled user terminal certificate.
43 Citations
33 Claims
1. A method performed by a user terminal of a wireless access network, the method comprising:
- scrambling a user terminal certificate using a first portion of a shared secret to be known only by the user terminal and an access point of the wireless access network, the scrambled user terminal certificate including a user terminal public key which corresponds to a user terminal private key;
- disqualifying the first portion of the shared secret from use with symmetric key cryptography between the user terminal and the access point;
- generating an authenticator string including data encrypted with the user terminal private key; and
- sending a message to the access point, the message including the scrambled user terminal certificate and the authenticator string.
Dependent claims: 2, 3, 4, 5
6. A user terminal comprising:
- a memory to store a user terminal private key and a user terminal certificate, the user terminal certificate including a user terminal public key which corresponds to the user terminal private key;
- a processor coupled to the memory to scramble the user terminal certificate using a first portion of a shared secret to be known only by the user terminal and an access point of a wireless access network and to generate an authenticator string including data encrypted with the user terminal private key, wherein the first portion of the shared secret to be disqualified from use with symmetric key cryptography between the user terminal and the access point; and
- a transmitter coupled to the processor to send a message to the access point, the message including the scrambled user terminal certificate and the authenticator string.
Dependent claims: 7, 8, 9, 10
11. A method performed by an access point of a wireless access network, the method comprising:
- receiving a message from a user terminal of the wireless access network, the message containing a shared secret encrypted with an access point public key, an authenticator string including data encrypted with a user terminal private key, and a user terminal certificate scrambled using the shared secret, the scrambled user terminal certificate including a user terminal public key which corresponds to the user terminal private key;
- decrypting the shared secret using an access point private key;
- unscrambling the user terminal certificate using a first portion of the decrypted shared secret;
- disqualifying the first portion of the decrypted shared secret from use with symmetric key cryptography between the user terminal and the access point; and
- decrypting the authenticator string using the user terminal public key.
Dependent claims: 12, 13
14. An access point comprising:
- a receiver to receive a message from a user terminal, the message containing a shared secret encrypted with an access point public key, an authenticator string including data encrypted with a user terminal private key, and a user terminal certificate scrambled using the shared secret, the user terminal certificate including a user terminal public key which corresponds to the user terminal private key; and
- a processor coupled to the receiver to decrypt the shared secret using an access point private key, unscramble the user terminal certificate using a first portion of the decrypted shared secret, and decrypt the authenticator string using the user terminal public key, wherein the first portion of the decrypted shared secret to be disqualified from use with symmetric key cryptography between the user terminal and the access point.
Dependent claims: 15, 16
17. A machine-readable medium storing data representing instructions that, when performed by a processor of a user terminal, causes the processor to perform operations comprising:
- scrambling a user terminal certificate using a first portion of a shared secret to be known only by the user terminal and an access point of a wireless access network, the scrambled user terminal certificate including a user terminal public key which corresponds to a user terminal private key;
- disqualifying the first portion of the shared secret from use with symmetric key cryptography between the user terminal and the access point;
- generating an authenticator string including data encrypted with the user terminal private key; and
- sending a message to the access point, the message including the scrambled user terminal certificate and the authenticator string.
Dependent claims: 18, 19, 20, 21
22. A machine-readable medium storing data representing instructions that, when performed by a processor of an access point, causes the processor to perform operations comprising:
- receiving a message from a user terminal of a wireless access network, the message containing a shared secret encrypted with an access point public key, an authenticator string including data encrypted with a user terminal private key, and a user terminal certificate scrambled using a first portion of the shared secret, the scrambled user terminal certificate including a user terminal public key which corresponds to a user terminal private key;
- decrypting the shared secret using an access point private key;
- unscrambling the user terminal certificate using the first portion of the decrypted shared secret;
- disqualifying the first portion of the decrypted shared secret from use with symmetric key cryptography between the user terminal and the access point; and
- decrypting the authenticator string using the user terminal public key.
Dependent claims: 23, 24
25. An apparatus comprising:
- a memory to store a certificate;
- a processor coupled to the memory to scramble the certificate using a first portion of a shared secret to be known only by the apparatus and an access point of a wireless access network, wherein the first portion of the shared secret to be disqualified from use with symmetric key cryptography with the access point; and
- a transmitter coupled to the processor to send a message to the access point, the message including the scrambled certificate.
Dependent claims: 26, 27, 28, 29
30. An access point comprising:
- a receiver to receive a message, the message comprising a shared secret encrypted with an access point public key and a certificate scrambled using the shared secret; and
- a processor coupled to the receiver to decrypt the shared secret using an access point private key, and unscramble the certificate using a first portion of the decrypted shared secret, wherein the first portion of the decrypted shared secret to be disqualified from use with symmetric key cryptography with the access point.
Dependent claims: 31, 32, 33
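The exchange of claims 1 and 11 worked end to end, as an added example that is not the patent's or any assignee's code. It assumes what the claims leave open: a 32-byte shared secret whose first 16 bytes are the scrambling portion and whose remaining 16 bytes become the only symmetric session key, AES-128-CTR as the scrambling function, RSA-OAEP for encrypting the secret to the access point, an Ed25519 signature over a challenge as the "data encrypted with the user terminal private key", and a certificate laid out as the public key followed by an identity string.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

var apKey, _ = rsa.GenerateKey(rand.Reader, 2048) // the access point's key pair for this example
const portionLen = 16                              // first portion of the secret: scrambling only, never a session key

type Message struct { // the single message of claims 1 and 11; wire layout is an assumption, not the patent's
	EncSecret     []byte // 32-byte shared secret under RSA-OAEP to the access point public key
	ScrambledCert []byte // user terminal certificate scrambled with the first 16 bytes of the secret
	Authenticator []byte // Ed25519 signature over the challenge, made with the user terminal private key
}

// scramble is AES-128-CTR keyed with the first portion (assumed construction); XOR, so it also unscrambles.
func scramble(portion, data []byte) []byte {
	blk, _ := aes.NewCipher(portion) // a 16-byte portion is a valid AES-128 key
	out := make([]byte, len(data))
	cipher.NewCTR(blk, make([]byte, aes.BlockSize)).XORKeyStream(out, data) // zero IV: the key is fresh per message
	return out
}

// TerminalSend is claim 1. secret: 32 fresh bytes from crypto/rand; cert: 32-byte Ed25519 public key then identity (assumed layout).
func TerminalSend(apPub *rsa.PublicKey, utPriv ed25519.PrivateKey, secret, cert, challenge []byte) (Message, []byte, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, apPub, secret, nil)
	if err != nil || len(secret) != 2*portionLen {
		return Message{}, nil, errors.New("shared secret must be 32 bytes and encrypt under the AP key")
	}
	// Only secret[16:] may later key symmetric traffic with the AP; secret[:16] is spent on scrambling.
	return Message{enc, scramble(secret[:portionLen], cert), ed25519.Sign(utPriv, challenge)}, secret[portionLen:], nil
}

// AccessPointReceive is claim 11: recover the secret, unscramble the certificate, verify the authenticator.
func AccessPointReceive(apPriv *rsa.PrivateKey, msg Message, challenge []byte) ([]byte, []byte, error) {
	secret, err := rsa.DecryptOAEP(sha256.New(), nil, apPriv, msg.EncSecret, nil)
	if err != nil || len(secret) != 2*portionLen {
		return nil, nil, errors.New("shared secret unrecoverable")
	}
	cert := scramble(secret[:portionLen], msg.ScrambledCert)
	if len(cert) < ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(cert[:ed25519.PublicKeySize]), challenge, msg.Authenticator) {
		return nil, nil, errors.New("authenticator does not verify under the certificate's public key")
	}
	return cert, secret[portionLen:], nil // same disqualification on the AP side
}
```

A passive observer of the radio link sees only the OAEP ciphertext, the scrambled certificate and a signature, so the terminal's identity in the certificate is masked from it while the access point, and only the access point, can recover and check it.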
Specification