Method and apparatus for providing cellular telephone service using an authenticating cellular telephone device

US 7,797,541 B2
Filed: 12/29/2005
Issued: 09/14/2010
Est. Priority Date: 06/19/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing cellular telephone service in a telephone service provider, comprising the steps of:

receiving a data descriptor transmitted from a cellular telephone to said telephone service provider, said data descriptor comprising an identity public key of said cellular telephone for transforming data according to a first public/private key encryption algorithm, attribute data of said cellular telephone, and a digital signature of said identity public key and said attribute data, said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key;

providing source test data, said step of providing source test data being performed by said telephone service provider;

performing a pair of complementary data transformations of said source test data to produce resultant test data, by;

(a) performing a first data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using said identity public key, said performing a first data transformation step being performed by said telephone service provider, and(b) requesting said cellular telephone to perform a second data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using an identity private key stored in said cellular telephone, and receiving the results of said second data transformation;

comparing said source test data to said resultant test data, said comparing step being performed by said telephone service provider;

verifying that said digital signature matches said identity public key and said attribute data, wherein verifying that said digital signature matches said identity public key and said attribute data is performed by said telephone service provider and comprises decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key, and comparing the decrypted digital signature to said data derived from said identity public key and said attribute data;

providing cellular telephone service to said cellular telephone depending on whether said source test data matches said resultant test data and whether said digital signature matches said identity public key and said attribute data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart chip protection system contains a unique public/private identity key pair and uses a separate public/private signature key pair. The internally stored identity private key can not be read outside the chip. An issuing entity generates a descriptor containing the identity public key, attribute data, and a digital signature of the two, using a signature private key known only to the issuer. The authenticity of the descriptor is verified by decrypting the signature using the signature public key, and comparing the result to source data. An object'"'"'s identity can be verified by requesting the smart chip to perform a data transformation using its identity private key, and performing the complement using the public key. An exemplary embodiment is a cellular telephone, in which a service provider verifies identity of the telephone and correct signature as a condition to providing service.

Citations

18 Claims

1. A method for providing cellular telephone service in a telephone service provider, comprising the steps of:
- receiving a data descriptor transmitted from a cellular telephone to said telephone service provider, said data descriptor comprising an identity public key of said cellular telephone for transforming data according to a first public/private key encryption algorithm, attribute data of said cellular telephone, and a digital signature of said identity public key and said attribute data, said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key;
  
  providing source test data, said step of providing source test data being performed by said telephone service provider;
  
  performing a pair of complementary data transformations of said source test data to produce resultant test data, by;
  
  (a) performing a first data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using said identity public key, said performing a first data transformation step being performed by said telephone service provider, and(b) requesting said cellular telephone to perform a second data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using an identity private key stored in said cellular telephone, and receiving the results of said second data transformation;
  
  comparing said source test data to said resultant test data, said comparing step being performed by said telephone service provider;
  
  verifying that said digital signature matches said identity public key and said attribute data, wherein verifying that said digital signature matches said identity public key and said attribute data is performed by said telephone service provider and comprises decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key, and comparing the decrypted digital signature to said data derived from said identity public key and said attribute data;
  
  providing cellular telephone service to said cellular telephone depending on whether said source test data matches said resultant test data and whether said digital signature matches said identity public key and said attribute data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method for providing cellular telephone service of claim 1, wherein said attribute data includes an identifier identifying said cellular telephone.
  - 3. The method for providing cellular telephone service of claim 2, wherein said identifier comprises a telephone number of said cellular telephone.
  - 4. The method for providing cellular telephone service of claim 1, wherein said first data transformation is an encryption of said source test data and said second data transformation is a decryption of said source test data encrypted by said first data transformation, said first data transformation being performed before said second data transformation.
  - 5. The method for providing cellular telephone service of claim 1, wherein said second data transformation is an encryption of said source test data and said first data transformation is a decryption of said source test data encrypted by said second data transformation, said second data transformation being performed before said first data transformation.
  - 6. The method for providing cellular telephone service of claim 1, wherein said source test data is randomly generated data.
  - 7. The method for providing cellular telephone service of claim 1, wherein said method is performed locally at a communication station in communication with said cellular telephone.
  - 8. The method for providing telephone service of claim 1, wherein at least one step of said method is performed locally at a communication station in communication with said telephone, and at least one step of said method is performed at a telephone service provider facility remote from said communication station.

9. A method in a telephone service provider for updating attribute data contained in a cellular telephone, comprising the steps of:
- obtaining a descriptor associated with said cellular telephone, said descriptor including an identity public key for transforming data according to a first public/private key encryption algorithm, attribute data of said cellular telephone, and a digital signature, said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key;
  
  verifying that said digital signature matches said attribute data and said identity public key by decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key, and comparing the decrypted digital signature to said data derived from said identity public key and said attribute data;
  
  performing a pair of complementary data transformations of source test data to produce resultant test data, a first of said pair of complementary data transformations being performed by said telephone service provider according to said first public/private key encryption algorithm using said identity public key, and a second of said pair of complementary data transformations being performed by requesting said cellular telephone to perform said second data transformation according to said first public/private key encryption algorithm using an identity private key in said cellular telephone and receiving data from said cellular telephone responsive to said request, said identity private key corresponding to said identity public key according to said first public/private key encryption algorithm;
  
  comparing said source test data with said resultant test data; and
  
  depending on the results of said step of comparing said source test data with said resultant test data and said step of verifying that said digital signature matches said attribute data and said identity public key, transmitting an updated descriptor to said cellular telephone, said updated descriptor comprising said identity public key, updated attribute data, and a digital signature of said identity public key and said updated attribute data.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method in a telephone service provider for updating attribute data contained in a cellular telephone of claim 9, further comprising generating said updated descriptor by generating said digital signature by encrypting a derivation of said identity public key and said updated attribute data according to said second public/private key encryption algorithm using said signature private key.
  - 11. The method in a telephone service provider for updating attribute data contained in a cellular telephone of claim 9, wherein said first of said pair of complementary data transformations is an encryption of said source test data and said second of said pair of complementary data transformations is a decryption of said source test data encrypted by said first transformation, said first transformation being performed before said second transformation.
  - 12. The method in a telephone service provider for updating attribute data contained in a cellular telephone of claim 9, wherein said second of said pair of complementary data transformations is an encryption of said source test data and said first of said pair of complementary data transformations is a decryption of said source test data encrypted by said second transformation, said second transformation being performed before said first transformation.
  - 13. The method in a telephone service provider for updating attribute data contained in a cellular telephone of claim 9, wherein said source test data is randomly generated data.

14. A computer program product for operating a communication station of a telephone service in a telephone service provider, comprising:
- a plurality of computer-executable instructions recorded on a non-transitory computer-readable medium, wherein said instructions, when executed on at least one digital data processing system of a telephone service provider, cause the at least one digital data processing system to perform the steps of;
  
  receiving a data descriptor transmitted from a cellular telephone to said telephone service provider, said data descriptor comprising an identity public key of said cellular telephone for transforming data according to a first public/private key encryption algorithm, attribute data of said cellular telephone, and a digital signature of said identity public key and said attribute data, said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key;
  
  providing source test data;
  
  causing a pair of complementary data transformations of said source test data to be performed to produce resultant test data, by;
  
  (a) performing a first data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using said identity public key, and(b) requesting said cellular telephone to perform a second data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using an identity private key stored in said cellular telephone, and receiving the results of said second data transformation;
  
  comparing said source test data to said resultant test data; and
  
  verifying that said digital signature matches said identity public key and said attribute data, wherein verifying that said digital signature matches said identity public key and said attribute data comprises decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key, and comparing the decrypted digital signature to said data derived from said identity public key and said attribute data;
  
  providing cellular telephone service to said cellular telephone depending on whether said source test data matches said resultant test data and whether said digital signature matches said identity public key and said attribute data.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer program product of claim 14, wherein said attribute data includes an identifier identifying said cellular telephone.
  - 16. The computer program product of claim 15, wherein said identifier comprises a telephone number of said cellular telephone.
  - 17. The computer program product of claim 14, wherein said source test data is randomly generated data.
  - 18. The computer program product of claim 14, wherein said steps are performed locally at a communication station in communication with said cellular telephone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Lewis, David Otto, Remfert, Jeffrey Earl
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Paliwal; Yogesh

Application Number

US11/321,605
Publication Number

US 20060107059A1
Time in Patent Office

1,720 Days
Field of Search

713/176
US Class Current

713/176
CPC Class Codes

H04L 2209/84   Vehicles

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Method and apparatus for providing cellular telephone service using an authenticating cellular telephone device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing cellular telephone service using an authenticating cellular telephone device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links