HRPD network access authentication method based on cave algorithm

US 7,990,930 B2
Filed: 04/10/2009
Issued: 08/02/2011
Est. Priority Date: 09/26/2003
Status: Active Grant

First Claim

Patent Images

1. A method for operating during an authentication in an AT (Access Terminal) having a Removable User Identity Module (R-UIM) card using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising the steps of:

extracting, by the AT, a RANDom number (RAND) from a CHAP (Challenge Handshake Authentication Protocol) challenge message from a High Rate Packet Data (HRPD) system;

instructing, by the AT, the R-UIM card to use the CAVE algorithm to calculate an authentication parameter using the RAND; and

transmitting, by the AT, to the HRPD system, the authentication parameter and an identification of the AT in a CHAP response message, in response to the CHAP challenge message,wherein the R-UIM card is used for authenticating the AT in Code Division Multiple Access (CDMA) 2000 1x and HPRD systems, andwherein the AT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and HPRD systems for packet data services.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A HRPD network access authentication method based on CAVE algorithm is provided. An AT (Access Terminal) generates a random number “RAND” necessary for a calculation of an AUTH1 by using a “Random text” included in the CHAP Challenge message. A UIM (User Identity Module) card works out the AUTH1 by using the random number “RAND” and an SSD_A (Shared Secret Data A) in the UIM card. The AT carries the AUTH1 in a Result field of the CHAP Response message. An AN-AAA (Access Network-Authentication, Authorization, and Accounting) generates the random number “RAND” necessary for the calculation of an AUTH2 by using a “Random text” included in a Radius Access Request message. The AN-AAA works out the AUTH2 by using the random number “RAND”. The two results AUTH1 and AUTH2 are compared. If the results are the same, the authentication on the AT passes. Otherwise, AT access is rejected.

25 Citations

13 Claims

1. A method for operating during an authentication in an AT (Access Terminal) having a Removable User Identity Module (R-UIM) card using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising the steps of:
- extracting, by the AT, a RANDom number (RAND) from a CHAP (Challenge Handshake Authentication Protocol) challenge message from a High Rate Packet Data (HRPD) system;
  
  instructing, by the AT, the R-UIM card to use the CAVE algorithm to calculate an authentication parameter using the RAND; and
  
  transmitting, by the AT, to the HRPD system, the authentication parameter and an identification of the AT in a CHAP response message, in response to the CHAP challenge message,wherein the R-UIM card is used for authenticating the AT in Code Division Multiple Access (CDMA) 2000 1x and HPRD systems, andwherein the AT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and HPRD systems for packet data services.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as defined in claim 1, wherein the R-UIM card calculates the authentication parameter using a Shared Secret Data (SSD) using the RAND.
  - 3. The method as defined in claim 1, wherein the identification is a NAI (Network Access Identifier).
  - 4. The method as defined in claim 3, wherein the NAI, includes a combination of an IMSI (International Mobile Station Inquiry) in the R-UIM card and a domain name in the AT.
  - 5. The method as defined in claim 2, further comprising updating the SSD, which is stored in the R-UIM card, according to a request from the CDMA 2000 1x system.

6. A method for operating during an authentication in an Access Terminal (AT) having a Removable User Identity Module (R-UIM) using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising the steps of:
- determining, by an Access Network-Authentication Authorization and Accounting (AN-AAA) server in a High Rate Packet Data (HPRD) system, whether the AT performs the authentication using the CAVE algorithm;
  
  determining, by the AN-AAA server, a RAN Dom number (RAND) used by the AT if the AT uses the CAVE algorithm;
  
  verifying, by the AN-AAA server, an AUTH1 sent by the AT and determining the authentication for the AT; and
  
  transmitting, by the AN-AAA server, to an access network, the determined authentication for the AT,wherein the R-UIM is used for authenticating the AT in Code Division Multiple Access (CDMA) 2000 1x and HPRD systems,wherein the AT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and the HRPD systems for packet data services, andwherein determining the authentication for the AT comprises comparing, by the AN-AAA server, the AUTH1 and an AUTH 2 calculated using the RAND and authenticating, by the AN-AAA server, for the AT, if the AUTH2 is identical with the AUTH1.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method as defined in claim 6, wherein after the AN-AAA server calculates an AUTH3 by using a Message-Digest5 (MD5) algorithm, the AN-AAA server compares the AUTH3 with the AUTH1, authenticates the AT if the AUTH3 is identical to the AUTH1, calculates the AUTH2 using the CAVE algorithm if the AUTH3 is not identical with the AUTH1 and authenticates the AT, if the AUTH2 is identical to the AUTH1.
  - 8. The method as defined in claim 6, wherein the AN-AAA server calculates the AUTH2 using the CAVE algorithm, compares the AUTH2 with the AUTH1, authenticates the AT if the AUTH2 is identical to the AUTH1, calculates an AUTH3 using a Message-Digest5 (MD5) algorithm if the AUTH2 is not identical to the AUTH1 and authenticates the AT if the AUTH3 is identical with the AUTH1.
  - 9. The method as defined in claim 6, wherein the AN-AAA server calculates the AUTH2 using a Shared Secret Data (SSD) using the RAND.
  - 10. The method as defined in claim 9, wherein the AN-AAA server receives the SSD from an CDMA 2000 1x network authentication center.
  - 11. The method as defined in claim 6, wherein the AN-AAA server determines whether the AT uses the CAVE algorithm according to an identification of the AT.

12. A system for authenticating by using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising:
- a Hybrid Access Terminal (HAT) having a Removable User Identity Module (R-UIM) card, for extracting a RANDom number (RAND) included in a Challenge Handshake Authentication Protocol (CHAP) challenge message from a High Rate Packet Data (HRPD) system, instructing the R-UIM card to use the CAVE algorithm to calculate an authentication parameter using the RAND, and transmitting to the HRPD system, the authentication parameter and an identification of the HAT in a CHAP response message in response to the CHAP Challenge message,wherein the R-UIM card is used for authenticating the HAT in Code Division Multiple Access (CDMA) 2000 1x and HARD (High Rate Packet Data) systems, andwherein the HAT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and the HRPD systems for packet data services.

13. A system for performing an authentication in an Access Terminal (AT) having a Removable User Identity Module (R-UIM) using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising:
- an Access Network-Authentication Authorization and Accounting (AN-AAA) server in a High Rate Packet Data (HRPD) system for determining whether the AT performs the authentication using the CAVE algorithm, determining a RANDom number (RAND) used by the AT if the AT uses the CAVE algorithm verifying an AUTH1 sent by the AT and determining the authentication for the AT,wherein the R-UIM card is used for authenticating the AT in Code Division Multiple Access (CDMA) 2000 1x and HRPD systems,wherein the AT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and the HRPD systems for packet data services, andwherein determining the auth entication for the AT comprises comparing, by the AN-AAA server, the AUTH1 and an AUTH 2 calculated using the RAND and authenticating, by the AN-AAA server, for the AT, if the AUTH2 is identical with the AUTH1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Samsung Telecom R&D Center (Samsung Electronics Co. Ltd.), Samsung Electronics Co. Ltd.
Original Assignee
Beijing Samsung Telecom R&D Center (Samsung Electronics Co. Ltd.), Samsung Electronics Co. Ltd.
Inventors
Liu, Weimin
Primary Examiner(s)
Patel; Ajit

Application Number

US12/421,986
Publication Number

US 20090190562A1
Time in Patent Office

844 Days
Field of Search

None
US Class Current

370/335
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

HRPD network access authentication method based on cave algorithm

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

HRPD network access authentication method based on cave algorithm

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links