Local authentication of mobile subscribers outside their home systems
Abstract
Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
18 Claims
1. A subscriber identification token for providing local authentication of a subscriber in a visited communication system, comprising:
- a memory; and
- a processor configured to implement a set of instructions stored in the memory, the set of instructions for:
  - generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communication unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communication unit;
  - generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys; and
  - transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.
2. The token of claim 1, wherein the authentication signal is generated by a hash function.
3. The token of claim 2, wherein the hash function is the Secure Hash Algorithm (SHA-1).
5. A subscriber identification token for use by a subscriber in a mobile unit, the token comprising:
- a key generation element for generating a plurality of keys, where at least one key from the plurality of keys is an integrity key that is provided to the mobile unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communication unit; and
- a signature generator configured to receive the authentication key from the key generation element and a first signature from the mobile unit, where the first signature is based on the integrity key, the signature generator further configured to output a second signature to the mobile unit, wherein the second signature is generated based on the authentication key and the first signature and the second signature is for authenticating the identity of the subscriber.
10. A method for providing authentication of a subscriber using a subscriber identification token within a mobile unit, comprising:
- generating a plurality of keys at the subscriber identification token, where the plurality of keys includes a first key and a second key;
- transmitting the first key from the plurality of keys to the mobile unit communicatively coupled to the subscriber identification token and keeping the second key private from the mobile unit;
- generating a signature at the mobile unit using both the first key transmitted to the mobile unit and a transmission message;
- transmitting the signature to the subscriber identification token;
- receiving the signature at the subscriber identification token;
- generating a primary signature from the received signature and the second key at the subscriber identification token; and
- conveying the primary signature to a visited communication system, for authenticating the identity of the subscriber within the visited communication system.
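The method of claim 10, together with the retained-key scenario from the abstract, as an added example that is not part of the patent text. HMAC-SHA-256 stands in for the hash function (claim 3 names SHA-1), and the `prf` helper, the key-derivation labels, and the visited system holding its own copy of both keys are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def prf(key: bytes, *parts: bytes) -> bytes:
    # Assumed construction: HMAC-SHA-256 over length-prefixed parts.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(4, "big") + p)
    return mac.digest()

def derive_keys(subscriber_secret: bytes, challenge: bytes):
    # Returns (integrity key, authentication key); the labels are hypothetical.
    return (prf(subscriber_secret, b"integrity", challenge),
            prf(subscriber_secret, b"auth", challenge))

class Token:
    # Subscriber identification token: the authentication key never leaves it.
    def __init__(self, subscriber_secret: bytes):
        self._secret, self._auth_key = subscriber_secret, None

    def on_challenge(self, challenge: bytes) -> bytes:
        integrity_key, self._auth_key = derive_keys(self._secret, challenge)
        return integrity_key  # only this key is handed to the mobile unit

    def primary_signature(self, first_signature: bytes) -> bytes:
        return prf(self._auth_key, first_signature)

def mobile_sign(integrity_key: bytes, message: bytes) -> bytes:
    return prf(integrity_key, message)  # first signature, made by the mobile unit

def visited_verify(integrity_key, auth_key, message, primary_sig) -> bool:
    # Visited system (assumed to hold both keys) recomputes and compares.
    expected = prf(auth_key, prf(integrity_key, message))
    return hmac.compare_digest(expected, primary_sig)

def demo():
    secret, challenge = os.urandom(16), os.urandom(16)  # constructed values
    token = Token(secret)
    ik = token.on_challenge(challenge)
    vs_ik, vs_ak = derive_keys(secret, challenge)  # visited system's copy
    sig1 = token.primary_signature(mobile_sign(ik, b"message 1"))
    honest = visited_verify(vs_ik, vs_ak, b"message 1", sig1)
    # Token removed: the mobile unit still holds ik but not the authentication key.
    retained_only = visited_verify(vs_ik, vs_ak, b"message 2", mobile_sign(ik, b"message 2"))
    replayed = visited_verify(vs_ik, vs_ak, b"message 2", sig1)
    return honest, retained_only, replayed
```

`demo()` returns `(True, False, False)`: the token-backed signature verifies, while a signature made with only the retained integrity key, or an earlier primary signature replayed on a new message, does not.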
16. A processor for use in a subscriber identification token for providing local authentication of a subscriber in a visited communication system, the processor configured to control:
- generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit;
- generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys, and
- transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.
17. A subscriber identification token for providing local authentication of a subscriber in a visited communication system, comprising:
- means for generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit;
- means for generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys; and
- means for transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.
18. A storage medium having one or more instructions operational on a subscriber identification token for providing local authentication of a subscriber in a visited communication system, which when executed by a processor causes the processor to:
- generate a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit;
- generate an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communication unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys, and
- transmit the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.
Specification