Method and apparatus for providing cellular telephone service using an authenticating cellular telephone device
Abstract
A smart chip protection system contains a unique public/private identity key pair and uses a separate public/private signature key pair. The internally stored identity private key can not be read outside the chip. An issuing entity generates a descriptor containing the identity public key, attribute data, and a digital signature of the two, using a signature private key known only to the issuer. The authenticity of the descriptor is verified by decrypting the signature using the signature public key, and comparing the result to source data. An object's identity can be verified by requesting the smart chip to perform a data transformation using its identity private key, and performing the complement using the public key. An exemplary embodiment is a cellular telephone, in which a service provider verifies identity of the telephone and correct signature as a condition to providing service.
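The two checks the abstract describes (descriptor signature verification and the identity-key test transformation) can be traced in a short Python sketch. This is an added illustration, not part of the patent text: it assumes textbook RSA without padding for both key pairs, SHA-256 as the "data derived from" the key and attributes, and constructed toy keys built from Mersenne primes that offer no security. All function, class, and attribute names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys (assumption)

def toy_keypair(p, q):
    """Textbook RSA (public, private) pair from two primes. Constructed toy key, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def derived_data(identity_pub, attributes, modulus):
    """Data derived from the identity public key and attribute data (SHA-256, assumed)."""
    blob = repr(identity_pub).encode() + b"|" + attributes
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % modulus

def issue_descriptor(identity_pub, attributes, sig_priv):
    """Issuer side: sign the derived data with the signature private key."""
    n, d = sig_priv
    sig = pow(derived_data(identity_pub, attributes, n), d, n)
    return {"identity_pub": identity_pub, "attributes": attributes, "signature": sig}

class Phone:
    """Stands in for the smart chip: the private key is only usable via transform()."""
    def __init__(self, identity_priv, descriptor):
        self._priv, self.descriptor = identity_priv, descriptor
    def transform(self, data):
        n, d = self._priv
        return pow(data, d, n)

def provider_grants_service(phone, sig_pub):
    desc, (n_sig, e_sig) = phone.descriptor, sig_pub
    # Check 1: decrypt the signature with the signature public key, compare to derived data.
    expected = derived_data(desc["identity_pub"], desc["attributes"], n_sig)
    sig_ok = pow(desc["signature"], e_sig, n_sig) == expected
    # Check 2: provider applies the identity public key to fresh source test data,
    # the phone applies the complementary private-key transformation.
    n_id, e_id = desc["identity_pub"]
    source = secrets.randbelow(n_id - 2) + 2
    resultant = phone.transform(pow(source, e_id, n_id))
    return sig_ok and resultant == source

def demo():
    sig_pub, sig_priv = toy_keypair(2**521 - 1, 2**607 - 1)  # issuer's signature key pair
    id_pub, id_priv = toy_keypair(2**89 - 1, 2**127 - 1)     # chip's identity key pair
    desc = issue_descriptor(id_pub, b"subscriber=555-0100;plan=basic", sig_priv)
    genuine = Phone(id_priv, desc)
    tampered = Phone(id_priv, {**desc, "attributes": b"subscriber=555-0100;plan=premium"})
    _, other_priv = toy_keypair(2**61 - 1, 2**107 - 1)
    clone = Phone(other_priv, desc)  # copied descriptor, but no identity private key
    return [provider_grants_service(p, sig_pub) for p in (genuine, tampered, clone)]
```

The tampered case fails only the signature check and the clone fails only the test transformation, which is why service depends on both.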
18 Claims
1. A method for providing cellular telephone service in a telephone service provider, comprising the steps of:
receiving a data descriptor transmitted from a cellular telephone to said telephone service provider, said data descriptor comprising an identity public key of said cellular telephone for transforming data according to a first public/private key encryption algorithm, attribute data of said cellular telephone, and a digital signature of said identity public key and said attribute data, said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key;
providing source test data, said step of providing source test data being performed by said telephone service provider;
performing a pair of complementary data transformations of said source test data to produce resultant test data, by;
(a) performing a first data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using said identity public key, said performing a first data transformation step being performed by said telephone service provider, and
(b) requesting said cellular telephone to perform a second data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using an identity private key stored in said cellular telephone, and receiving the results of said second data transformation;
comparing said source test data to said resultant test data, said comparing step being performed by said telephone service provider;
verifying that said digital signature matches said identity public key and said attribute data, wherein verifying that said digital signature matches said identity public key and said attribute data is performed by said telephone service provider and comprises decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key, and comparing the decrypted digital signature to said data derived from said identity public key and said attribute data;
providing cellular telephone service to said cellular telephone depending on whether said source test data matches said resultant test data and whether said digital signature matches said identity public key and said attribute data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method in a telephone service provider for updating attribute data contained in a cellular telephone, comprising the steps of:
obtaining a descriptor associated with said cellular telephone, said descriptor including an identity public key for transforming data according to a first public/private key encryption algorithm, attribute data of said cellular telephone, and a digital signature, said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key;
verifying that said digital signature matches said attribute data and said identity public key by decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key, and comparing the decrypted digital signature to said data derived from said identity public key and said attribute data;
performing a pair of complementary data transformations of source test data to produce resultant test data, a first of said pair of complementary data transformations being performed by said telephone service provider according to said first public/private key encryption algorithm using said identity public key, and a second of said pair of complementary data transformations being performed by requesting said cellular telephone to perform said second data transformation according to said first public/private key encryption algorithm using an identity private key in said cellular telephone and receiving data from said cellular telephone responsive to said request, said identity private key corresponding to said identity public key according to said first public/private key encryption algorithm;
comparing said source test data with said resultant test data; and
depending on the results of said step of comparing said source test data with said resultant test data and said step of verifying that said digital signature matches said attribute data and said identity public key, transmitting an updated descriptor to said cellular telephone, said updated descriptor comprising said identity public key, updated attribute data, and a digital signature of said identity public key and said updated attribute data.
Dependent claims: 10, 11, 12, 13
14. A computer program product for operating a communication station of a telephone service in a telephone service provider, comprising:
a plurality of computer-executable instructions recorded on a non-transitory computer-readable medium, wherein said instructions, when executed on at least one digital data processing system of a telephone service provider, cause the at least one digital data processing system to perform the steps of;
receiving a data descriptor transmitted from a cellular telephone to said telephone service provider, said data descriptor comprising an identity public key of said cellular telephone for transforming data according to a first public/private key encryption algorithm, attribute data of said cellular telephone, and a digital signature of said identity public key and said attribute data, said digital signature representing an encryption of data derived from said identity public key and said attribute data, said encryption being according to a second public/private key encryption algorithm using a signature private key;
providing source test data;
causing a pair of complementary data transformations of said source test data to be performed to produce resultant test data, by;
(a) performing a first data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using said identity public key, and
(b) requesting said cellular telephone to perform a second data transformation of said pair of complementary data transformations according to said first public/private key encryption algorithm using an identity private key stored in said cellular telephone, and receiving the results of said second data transformation;
comparing said source test data to said resultant test data; and
verifying that said digital signature matches said identity public key and said attribute data, wherein verifying that said digital signature matches said identity public key and said attribute data comprises decrypting said digital signature according to said second public/private key encryption algorithm using a signature public key, and comparing the decrypted digital signature to said data derived from said identity public key and said attribute data;
providing cellular telephone service to said cellular telephone depending on whether said source test data matches said resultant test data and whether said digital signature matches said identity public key and said attribute data.
Dependent claims: 15, 16, 17, 18
Specification