Local authentication of mobile subscribers outside their home systems
Abstract
Methods and apparatus are presented for providing local authentication of subscribers travelling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
28 Claims
1. A subscriber identification module for providing local authentication of a subscriber in a communication system, comprising:
- a memory; and
- a processor configured to implement a set of instructions stored in the memory, the set of instructions for:
  - generating a plurality of keys in response to a received challenge;
  - generating an initial value based upon a first key from the plurality of keys;
  - concatenating the initial value with a received signal to form an input value, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit;
  - hashing the input value to form an authentication signal; and
  - transmitting the authentication signal to the communications system via the communications unit.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A subscriber identification module, comprising:
- a key generation element; and
- a signature generator configured to receive a secret key from the key generation element and information from a mobile unit, and further configured to generate a signature that will be sent to the mobile unit, wherein the signature is generated by concatenating the secret key with the information from the mobile unit and hashing the concatenated secret key and information.
(Dependent claims: 9, 10)
11. An apparatus for providing secure local authentication of a subscriber in a communication system, comprising a subscriber identification module configured to interact with a communications unit, wherein the subscriber identification module comprises:
- a key generator for generating a plurality of keys from a received value and a secret value, wherein at least one communication key from the plurality of keys is delivered to the communications unit and at least one secret key from the plurality of keys is not delivered to the communications unit; and
- a signature generator for generating an authorization signal from hashing a version of the at least one secret key together with an authorization message, wherein the authorization message is generated by the communications unit using a version of the at least one communication key.
(Dependent claims: 12, 13, 14)
15. A method for providing authentication of a subscriber using a subscriber identification device, comprising:
- generating a plurality of keys;
- transmitting at least one key from the plurality of keys to a communications device communicatively coupled to the subscriber identification device and holding private at least one key from the plurality of keys;
- generating a signature at the communications device using both the at least one key transmitted to the communications device and a transmission message, wherein generating is implemented by hashing a concatenated value formed from the at least one key and the transmission message;
- transmitting the signature to the subscriber identification device;
- receiving the signature at the subscriber identification device;
- generating a primary signature from the received signature, wherein the generating is implemented by hashing a concatenated value formed from the at least one private key and the signature received from the communications device; and
- conveying the primary signature to a communications system.
(Dependent claims: 16)
17. A method operational on a subscriber identification device for providing local authentication of a subscriber, comprising:
- generating a plurality of keys in response to a received challenge;
- generating an initial value based on a first key from the plurality of keys;
- concatenating the initial value with a received signal to form an input value, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit;
- hashing the input value to form an authentication signal; and
- transmitting the authentication signal to the communications system via the communications unit.
18. A subscriber identification module for providing local authentication of a subscriber in a communication system, comprising:
- means for generating a plurality of keys in response to a received challenge;
- means for generating an initial value based on a first key from the plurality of keys;
- means for concatenating the initial value with a received signal to form an input value, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit;
- means for hashing the input value to form an authentication signal; and
- means for transmitting the authentication signal to the communications system via the communications unit.
19. A machine-readable medium having one or more instructions for authenticating a subscriber using a subscriber identification device, which when executed by a processor causes the processor to:
- generate a plurality of keys in response to a received challenge;
- generate an initial value based on a first key from the plurality of keys;
- concatenate the initial value with a received signal to form an input value, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit;
- hash the input value to form an authentication signal; and
- transmit the authentication signal to the communications system via the communications unit.
20. A method operational on a subscriber identification device, comprising:
- receiving a secret key from a key generation element and information from a mobile unit;
- concatenating the secret key with the information from the mobile unit;
- hashing the concatenated secret key and information to generate a signature; and
- sending the signature to the mobile unit.
(Dependent claims: 21)
22. A subscriber identification device, comprising:
- means for receiving a secret key from a key generation element and information from a mobile unit;
- means for concatenating the secret key with the information from the mobile unit;
- means for hashing the concatenated secret key and information to generate a signature; and
- means for sending the signature to the mobile unit.
(Dependent claims: 23)
24. A machine-readable medium having one or more instructions operational on a subscriber identification device for authenticating a subscriber, which when executed by a processor causes the processor to:
- receive a secret key from a key generation element and information from a mobile unit;
- concatenate the secret key with the information from the mobile unit;
- hash the concatenated secret key and information to generate a signature; and
- send the signature to the mobile unit.
(Dependent claims: 25)
26. A method operational on a subscriber identification module for providing secure local authentication of a subscriber in a communication system, comprising:
- generating a plurality of keys from a received value and a secret value;
- delivering at least one communication key from the plurality of keys to a communication unit configured to interact with the subscriber identification module;
- withholding at least one secret key from the plurality of keys from the communication unit; and
- hashing a version of the at least one secret key together with an authorization message to generate an authorization signal, wherein the authorization message is generated by the communications unit using a version of the at least one communication key.
27. A subscriber identification module for providing secure local authentication of a subscriber in a communication system, comprising:
- means for generating a plurality of keys from a received value and a secret value;
- means for delivering at least one communication key from the plurality of keys to a communication unit configured to interact with the subscriber identification module;
- means for withholding at least one secret key from the plurality of keys from the communication unit; and
- means for hashing a version of the at least one secret key together with an authorization message to generate an authorization signal, wherein the authorization message is generated by the communications unit using a version of the at least one communication key.
28. A machine-readable medium having one or more instructions operational on a subscriber identification device for providing secure local authentication of a subscriber in a communication system, which when executed by a processor causes the processor to:
- generate a plurality of keys from a received value and a secret value;
- deliver at least one communication key from the plurality of keys to a communication unit configured to interact with the subscriber identification module;
- withhold at least one secret key from the plurality of keys from the communication unit; and
- hash a version of the at least one secret key together with an authorization message to generate an authorization signal, wherein the authorization message is generated by the communications unit using a version of the at least one communication key.
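
The two-stage signature of claims 11 and 15, as an added Python example that is not part of the patent text: it shows that a mobile unit holding only the communication key cannot produce a primary signature that verifies once the token is gone. SHA-256, the labelled key derivation and the `network_verify` function are assumptions of this example, and all sample values are constructed.

```python
import hashlib
import hmac

def H(*parts: bytes) -> bytes:
    """Hash of the concatenated parts. SHA-256 is an assumption of this example."""
    return hashlib.sha256(b"".join(parts)).digest()

def derive_keys(secret_value: bytes, challenge: bytes):
    """Plurality of keys from a received challenge and a secret value.
    The labelled-hash derivation is hypothetical; the claims name no algorithm."""
    return H(b"comm", secret_value, challenge), H(b"secret", secret_value, challenge)

class SubscriberToken:
    """Subscriber identification module: the secret key never leaves it."""
    def __init__(self, secret_value: bytes):
        self._secret_value = secret_value
        self._secret_key = b""

    def on_challenge(self, challenge: bytes) -> bytes:
        comm_key, self._secret_key = derive_keys(self._secret_value, challenge)
        return comm_key                      # only this key goes to the mobile unit

    def primary_signature(self, mobile_signature: bytes) -> bytes:
        # hash(private key || signature received from the mobile unit)
        return H(self._secret_key, mobile_signature)

def mobile_sign(comm_key: bytes, message: bytes) -> bytes:
    """Mobile unit: hash(communication key || transmission message)."""
    return H(comm_key, message)

def network_verify(secret_value, challenge, message, presented) -> bool:
    """Assumed verifier that can derive the same keys for this challenge."""
    comm_key, secret_key = derive_keys(secret_value, challenge)
    expected = H(secret_key, H(comm_key, message))
    return hmac.compare_digest(expected, presented)

def run_demo() -> dict:
    secret_value = bytes(range(16))          # constructed sample secret
    challenge = b"constructed-challenge-01"  # constructed sample challenge
    token = SubscriberToken(secret_value)
    comm_key = token.on_challenge(challenge)
    first = token.primary_signature(mobile_sign(comm_key, b"call-1"))
    # Token removed: the mobile unit still holds comm_key and tries a new message.
    inner = mobile_sign(comm_key, b"call-2")
    return {
        "token_present": network_verify(secret_value, challenge, b"call-1", first),
        "inner_only": network_verify(secret_value, challenge, b"call-2", inner),
        "comm_key_as_outer": network_verify(secret_value, challenge, b"call-2", H(comm_key, inner)),
        "old_signature_reused": network_verify(secret_value, challenge, b"call-2", first),
    }
```

The example keeps the claims' hash-of-concatenation construction; with a Merkle-Damgård hash such as SHA-256, hash(key || data) is open to length extension when the data length is not fixed, and HMAC is the usual replacement.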
Specification