Terminal authentication in a wireless network

US 7,499,548 B2
Filed: 06/24/2003
Issued: 03/03/2009
Est. Priority Date: 06/24/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method performed by a user terminal of a wireless access network, the method comprising:

generating a shared secret to be provided to an access point of the wireless access network;

encrypting the shared secret with an access point public key;

pre-calculating a plurality of authenticator messages based on a corresponding plurality of estimated time parameters, each authenticator message comprising at least part of the shared secret;

receiving an indication of a measured time parameter; and

selecting a pre-calculated authenticator message that corresponds to the measured time parameter; and

signing the selected authenticator message with a user terminal private key; and

sending a message to the access point, the message including the encrypted shared secret, a user terminal certificate, and the signed authenticator message.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user terminal can be authenticated by an access point based on one message. In one embodiment, the present invention includes the access point receiving a message containing a shared secret encrypted with an access point public key, a user terminal certificate, and an authenticator string demonstrating possession by the user terminal of a user terminal private key. The access point can decrypt the shared secret using the private key of the access point paired with its private key. The access point can then authenticate the user terminal by checking the authenticator string using a user terminal public key included in the user terminal certificate to verify possession of the user terminal private key by the user terminal.

Citations

16 Claims

1. A method performed by a user terminal of a wireless access network, the method comprising:
- generating a shared secret to be provided to an access point of the wireless access network;
  
  encrypting the shared secret with an access point public key;
  
  pre-calculating a plurality of authenticator messages based on a corresponding plurality of estimated time parameters, each authenticator message comprising at least part of the shared secret;
  
  receiving an indication of a measured time parameter; and
  
  selecting a pre-calculated authenticator message that corresponds to the measured time parameter; and
  
  signing the selected authenticator message with a user terminal private key; and
  
  sending a message to the access point, the message including the encrypted shared secret, a user terminal certificate, and the signed authenticator message.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the user terminal certificate is scrambled, using a pseudo-random sequence generator initialized with a part of the shared secret, before being included in the message.
  - 3. The method of claim 2, wherein the remainder of the shared secret comprises a master secret to be used for symmetric key cryptography between the user terminal and the access point.
  - 4. The method of claim 1, wherein signing the authenticator message comprises:
    - generating a digest of the authenticator message; and
      
      encrypting the authenticator message digest with the user terminal private key.
  - 5. The method of claim 1, wherein the estimated time parameters comprise absolute frame numbers and the measured time parameter comprises an absolute frame number.
  - 6. The method of claim 1, wherein the user terminal generates and encrypts the shared secret prior to identifying the access point by encrypting the shared secret with the public keys of a plurality of access points stored in the user terminal.

7. A user terminal comprising:
- a memory to store a user terminal certificate and a shared secret to be provided to an access point;
  
  a processor coupled to the memory toencrypt the shared secret with access point public key,pre-calculate a plurality of authenticator messages based on a corresponding plurality of estimated time parameters, each authenticator message comprising at least part of the shared secret;
  
  receive an indication of a measured time parameter,select a pre-calculated authenticator message that corresponds to the measure time parameter, andsign the selected authenticator message with a user terminal private key; and
  
  a transmitter coupled to the processor to send a message to the access point, the message including the encrypted shared secret, the user terminal certificate, and the signed authenticator message.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The user terminal of claim 7, wherein the processor is further to scramble the user terminal certificate using a pseudo-random sequence generator initialized with a part of the shared secret, before being included in the message.
  - 9. The user terminal of claim 8, wherein the remainder of the shared secret comprises a master secret to be used for symmetric key cryptography between the user terminal and the access point.
  - 10. The user terminal of claim 7, wherein signing the authenticator message comprises:
    - generating a digest of the authenticator message; and
      
      encrypting the authenticator message digest with the user terminal private key.
  - 11. The user terminal of claim 7, wherein the estimated time parameters comprise absolute frame numbers and the measured time parameter comprises an absolute frame number.

12. A machine-readable medium storing data representing instructions that, when executed by a processor of a user terminal, cause the processor to perform operations comprising:
- generating a shared secret to be provided to an access point of the wireless access network;
  
  encrypting the shared secret with an access point public key;
  
  pre-calculating a plurality of authenticator messages based on a corresponding plurality of estimated time parameters, each authenticator message comprising at least part of the shared secret;
  
  receiving an indication of a measured time parameter; and
  
  selecting a pre-calculated authenticator message that corresponds to the measured time parameter; and
  
  signing the selected authenticator message with a user terminal private key; and
  
  sending a message to the access point, the message including the encrypted shared secret, a user terminal certificate, and the signed authenticator message.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The machine-readable medium of claim 12, wherein the user terminal certificate is scrambled, using a pseudo-random sequence generator initialized with a part of the shared secret, before being included in the message.
  - 14. The machine-readable medium of claim 13, wherein the remainder of the shared secret comprises a master secret to be used for symmetric key cryptography between the user terminal and the access point.
  - 15. The machine-readable medium of claim 12, wherein signing the authenticator message comprises:
    - generating a digest of the authenticator message; and
      
      encrypting the authenticator message digest with the user terminal private key.
  - 16. The machine-readable medium of claim 12, wherein the estimated time parameters comprise absolute frame numbers and the measure time parameter comprises an absolute frame number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Dogan, Mithat Can, Meandzija, Branislav N., Goldburg, Marc C., Uhlik, Christopher R.
Primary Examiner(s)
Vu; KimYen
Assistant Examiner(s)
PATEL, NIRAV B

Application Number

US10/603,424
Publication Number

US 20040264699A1
Time in Patent Office

2,079 Days
Field of Search

713/156, 713/181, 713168-170, 713/175, 713/178, 380/270, 380/268, 380/255, 380 28- 30, 726/2, 726/27, 726/21, 726/30, 455/410, 455/411
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0407   wherein the identity of one...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 84/12   WLAN [Wireless Local Area N...

Terminal authentication in a wireless network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Terminal authentication in a wireless network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links