Local authentication of mobile subscribers outside their home systems

US 7,751,567 B2
Filed: 06/01/2005
Issued: 07/06/2010
Est. Priority Date: 01/05/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A subscriber identification token for providing local authentication of a subscriber in a visited communication system, comprising:

a memory; and

a processor configured to implement a set of instructions stored in the memory, the set of instructions for;

generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communication unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communication unit;

generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys; and

transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber'"'"'s account.

91 Citations

View as Search Results

18 Claims

1. A subscriber identification token for providing local authentication of a subscriber in a visited communication system, comprising:
- a memory; and
  
  a processor configured to implement a set of instructions stored in the memory, the set of instructions for;
  
  generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communication unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communication unit;
  
  generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys; and
  
  transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.
- View Dependent Claims (4)
- - 4. The token of claim 1, the processor the configured to implement additional instructions stored in the memory, the additional instructions for:
    - assigning a weight to a transmission message at the mobile unit in accordance with a relative importance of the transmission message; and
      
      wherein the authentication signal is generated and transmitted only if the assigned weight to the transmission message indicates that the transmission message is important,otherwise, if the message is unimportant, the transmission message is transmitted without the authentication signal.

2. The token of 1, wherein the authentication signal is generated by a hash function.

3. The token of 2, wherein the hash function is the Secure Hash Algorithm (SHA-1).

5. A subscriber identification token for use by a subscriber in a mobile unit, the token comprising:
- a key generation element for generating a plurality of keys, where at least one key from the plurality of keys is an integrity key that is provided to the mobile unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communication unit; and
  
  a signature generator configured to receive the authentication key from the key generation element and a first signature from the mobile unit, where the first signature is based on the integrity key, the signature generator further configured to output a second signature to the mobile unit, wherein the second signature is generated based on the authentication key and the first signature and the second signature is for authenticating the identity of the subscriber.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The token of claim 5, comprising:
    - a memory; and
      
      a processor configured to execute a set of instructions stored in the memory, wherein the set of instructions performs a cryptographic transformation upon an input value to produce a plurality of temporary keys.
  - 7. The token of claim 6, wherein the cryptographic transformation is performed using a permanent key.
  - 8. The token of claim 5, comprising:
    - a memory; and
      
      a processor configured to execute a set of instructions stored in the memory, wherein the set of instructions performs a cryptographic transformation upon the information from the mobile unit by using the authentication key, wherein the signature results from the cryptographic transformation.
  - 9. The subscriber identification token of claim 5, wherein a weight is assigned to a transmission message at the mobile unit in accordance with a relative importance of the transmission message, and the second signature is generated and transmitted only if the assigned weight of the transmission message indicates that the transmission message is important, otherwise, if the message is unimportant, the transmission message is transmitted without the second signature.

10. A method for providing authentication of a subscriber using a subscriber identification token within a mobile unit, comprising:
- generating a plurality of keys at the subscriber identification token, where the plurality of keys includes a first key and a second key;
  
  transmitting the first key from the plurality of keys to the mobile unit communicatively coupled to the subscriber identification token and keeping the second key private from the mobile unit;
  
  generating a signature at the mobile unit using both the first key transmitted to the mobile unit and a transmission message;
  
  transmitting the signature to the subscriber identification token;
  
  receiving the signature at the subscriber identification token;
  
  generating a primary signature from the received signature and the second key at the subscriber identification token; and
  
  conveying the primary signature to a visited communication system, for authenticating the identity of the subscriber within the visited communication system.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein the generating of the signature signal is performed using a nonreversible operation.
  - 12. The method of claim 10, wherein the generating of the signature signal is performed using DES.
  - 13. The method of claim 10, wherein the generating of the signature signal is performed using a hash function.
  - 14. The method of claim 13, wherein the hash function is SHA-1.
  - 15. The method of claim 10, further comprising:
    - assigning a weight to the transmission message at the mobile unit in accordance with a relative importance of the transmission message; and
      
      wherein transmitting the signature comprises;
      
      transmitting the signature to a communications system if the assigned weight to the transmission message indicates that the transmission message is unimportant; and
      
      transmitting the signature to the subscriber identification token if the assigned weight to the transmission message indicates that the transmission message is important.

16. A processor for use in a subscriber identification token for providing local authentication of a subscriber in a visited communication system, the processor configured to control:
- generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit;
  
  generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys, andtransmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.

17. A subscriber identification token for providing local authentication of a subscriber in a visited communication system, comprising:
- means for generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit;
  
  means for generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys; and
  
  means for transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.

18. A storage medium having one or more instructions operational on a subscriber identification token for providing local authentication of a subscriber in a visited communication system, which when executed by a processor causes the processor to:
- generate a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit;
  
  generate an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communication unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys, andtransmit the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Quick, Roy F. Jr., Rose, Gregory G.
Primary Examiner(s)
Moorthy; Aravind K

Application Number

US11/142,994
Publication Number

US 20050257255A1
Time in Patent Office

1,861 Days
Field of Search

380/264, 380/247, 380/248, 380/270, 380/43, 380/278, 380/44, 380/47, 380/28, 713/150, 713/159, 713/161, 713/168, 713/171, 713/172, 713/176, 713/181, 713/185, 726/9, 455/403, 455/410, 455/411, 455/432.1
US Class Current

380/264
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0853   using an additional device,...

H04L 63/12   Applying verification of th...

H04L 9/14   using a plurality of keys o...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/128   Anti-malware arrangements, ...

H04W 88/02   Terminal devices

Local authentication of mobile subscribers outside their home systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

91 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Local authentication of mobile subscribers outside their home systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links