Sequence number calculation and authentication in a communications system

US 7,570,764 B2
Filed: 06/20/2002
Issued: 08/04/2009
Est. Priority Date: 10/10/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authenticating access of a subscriber terminal to a communication network, comprising:

storing in a communication network database authentication information for said subscriber terminal for exchanging secret key information between said subscriber terminal and said communication network when said subscriber terminal accesses the communication network, said authentication information comprising a sequence number which is recalculated each time the subscriber terminal accesses the communication network;

recalculating the sequence number by generating a new sequence number from a sequence number for the subscriber terminal stored in the communication network database and wherein each sequence number comprises a suffix and a prefix, the method of generating a new sequence number comprising calculating a new sequence number suffix from an existing sequence number suffix, calculating a new sequence number prefix by a randomising process if the new suffix is equal to a predetermined value, and calculating a new sequence number prefix by an algorithmic process from the prefix of the existing sequence number if the new suffix differs from said predetermined value;

exchanging secret key information between said subscriber terminal and said communication network using said recalculated sequence number; and

based on said exchanged secret key information, authenticating access of said subscriber terminal to the communications network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a mobile communications system, a batch of sequence numbers is generated via an algorithm wherein each sequence number comprises a suffix and a prefix. The method comprises; calculating a new sequence number suffix from an existing sequence number suffix, calculating a prefix of a first new sequence number of the batch by addition to the prefix of the existing sequence number if the new suffix is not equal to a predetermined value or by a randomizing process if the new suffix is equal to said predetermined value, and calculating prefixes for the other sequence numbers of the batch by modular addition of integers to the prefix of said first new sequence number. The sequence numbers are used in the authentication procedure.

Citations

8 Claims

1. A method of authenticating access of a subscriber terminal to a communication network, comprising:
- storing in a communication network database authentication information for said subscriber terminal for exchanging secret key information between said subscriber terminal and said communication network when said subscriber terminal accesses the communication network, said authentication information comprising a sequence number which is recalculated each time the subscriber terminal accesses the communication network;
  
  recalculating the sequence number by generating a new sequence number from a sequence number for the subscriber terminal stored in the communication network database and wherein each sequence number comprises a suffix and a prefix, the method of generating a new sequence number comprising calculating a new sequence number suffix from an existing sequence number suffix, calculating a new sequence number prefix by a randomising process if the new suffix is equal to a predetermined value, and calculating a new sequence number prefix by an algorithmic process from the prefix of the existing sequence number if the new suffix differs from said predetermined value;
  
  exchanging secret key information between said subscriber terminal and said communication network using said recalculated sequence number; and
  
  based on said exchanged secret key information, authenticating access of said subscriber terminal to the communications network.
- View Dependent Claims (2, 3)
- - 2. A method as claimed in claim 1 wherein the algorithmic process comprises modular addition of an integer to the prefix of the existing sequence number.
  - 3. A method as claimed in claim 2, wherein the integer comprises unity.

4. A method of authenticating access of a subscriber terminal to a communication network, comprising:
- storing in a communication network database authentication information for said subscriber terminal for exchanging secret key information between said subscriber terminal and said communication network when said subscriber terminal accesses the communication network, said authentication information comprising a sequence number which is recalculated each time the subscriber terminal accesses the communication network;
  
  recalculating the sequence number by generating a new sequence number from a sequence number for the subscriber terminal stored in the communication network database and wherein each sequence number comprises a suffix and a prefix, the method of generating a new sequence number comprising;
  
  calculating a new sequence number suffix from an existing sequence number suffix, calculating a new sequence number prefix by addition to the prefix of the existing sequence number if the new suffix is non-zero, and calculating a new sequence number prefix by a randomising process if the new suffix is equal to zero;
  
  exchanging secret key information between said subscriber terminal and said communication network using said recalculated sequence number; and
  
  based on said exchanged secret key information, authenticating access of said subscriber terminal to the communications network.

5. A method of authenticating access of a subscriber terminal to a communication network, comprising:
- storing in a communication network database authentication information for said subscriber terminal for exchanging secret key information between said subscriber terminal and said communication network when said subscriber terminal accesses the communication network, said authentication information comprising a sequence number from a batch of sequence numbers which is recalculated each time the subscriber terminal accesses the communication network;
  
  recalculating the sequence number by generating a new sequence number from a sequence number for the subscriber terminal stored in the communication network database and wherein each sequence number comprises a suffix and a prefix, the method of generating a new sequence number comprising;
  
  calculating a new sequence number suffix from an existing sequence number suffix, calculating a prefix of a first new sequence number of the batch by addition to the prefix of the existing sequence number if the new suffix is not equal to a predetermined value or by a randomising process if the new suffix is equal to said predetermined value, and calculating prefixes for the other sequence numbers of the batch by modular addition of integers to the prefix of said first new sequence number;
  
  exchanging secret key information between said subscriber terminal and said communication network using said recalculated sequence number; and
  
  based on said exchanged secret key information, authenticating access of said subscriber terminal to the communications network.

6. A system for authenticating access of a subscriber terminal to a communication network, said system comprising:
- a communication network database storing authentication information for said subscriber terminal for exchanging secret key information between said subscriber terminal and said communication network when said subscriber terminal accesses the communication network, said authentication information comprising a set of authentication vectors constructed from a batch of sequence numbers generated by a sequence number generation system in said communications network wherein each sequence number comprises a suffix and a prefix, said sequence number generation system comprising;
  
  means for generating a batch of sequence numbers in a communications system wherein each sequence number comprises a suffix and a prefix;
  
  means for calculating a new sequence number suffix from an existing sequence number suffix;
  
  means for calculating a prefix of a first new sequence number of the batch by addition to the prefix of the existing sequence number if the new suffix is not equal to a predetermined value or by a randomising process if the new suffix is equal to said predetermined value;
  
  means for calculating prefixes for the other sequence numbers of the batch by modular addition of integers to the prefix of said first new sequence number;
  
  means for exchanging secret key information between said subscriber terminal and said communication network using said recalculated sequence number; and
  
  means for authentications access of said subscriber terminal to the communications network based on said exchanged secret key information.

7. A home location register arranged to authenticate access of a subscriber terminal to a communication network, said home location register having a database for storing authentication information for said subscriber terminal for exchanging secret key information between said subscriber terminal and said communication network when said subscriber terminal accesses the communication network, said authentication information comprising a sequence number which is recalculated each time the subscriber terminal accesses the communication network;
- the home location register being arranged to recalculate the sequence number by generating a new sequence number from a sequence number for the subscriber terminal stored in the communication network database and wherein each sequence number comprises a suffix and a prefix, the home location register comprising;
  
  means for calculating a new sequence number suffix from an existing sequence number suffixmeans for calculating a new sequence number prefix by a randomising process if the new suffix is equal to a predetermined value;
  
  means for calculating a new sequence number prefix by an algorithmic process from the prefix of the existing sequence number if the new suffix differs from said predetermined valuemeans for exchanging secret key information between said subscriber terminal and said communication network using said recalculated sequence number; and
  
  means for authenticating access of said subscriber terminal to the communications network based on said exchanged secret key information.

8. A mobile handset arranged to respond to an authentication signal incorporating a set of authentication vectors constructed from a batch of sequence numbers generated by a system in a communications system wherein each sequence number comprises a suffix and a prefix, said sequence number generation system comprising:
- means for generating a batch of sequence numbers in a communications system wherein each sequence number comprises a suffix and a prefix;
  
  means for calculating a new sequence number suffix from an existing sequence number suffix;
  
  means for calculating a prefix of a first new sequence number of the batch by addition to the prefix of the existing sequence number if the new suffix is not equal to a predetermined value or by a randomising process if the new suffix is equal to said predetermined value;
  
  means for calculating prefixes for the other sequence numbers of the batch by modular addition of integers to the prefix of said first new sequence number; and
  
  means for exchanging secret key information with said communication network using said recalculated sequence number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Morgan, Anne
Primary Examiner(s)
Sheikh, Ayaz R
Assistant Examiner(s)
Moorthy, Aravind K

Application Number

US10/176,155
Publication Number

US 20030069003A1
Time in Patent Office

2,602 Days
Field of Search

713153-154, 713/160, 713/171, 713/182, 713200-201, 380/247, 380/249, 380/255, 380/200, 455/411
US Class Current

380/247
CPC Class Codes

H04L 9/3228   One-time or temporary data,...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

Sequence number calculation and authentication in a communications system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Sequence number calculation and authentication in a communications system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links