Authentication vector generation device, subscriber identity module, wireless communication system, authentication vector generation method, calculation method, and subscriber authentication method

US 8,073,426 B2
Filed: 01/17/2006
Issued: 12/06/2011
Est. Priority Date: 02/01/2005
Status: Expired due to Fees

First Claim

Patent Images

1. An authentication vector generation device comprising:

authentication vector generating means for generating an authentication vector used to authenticate a subscriber identity module in a wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;

attaching means for attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from the random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and

transmitting means for transmitting to said mobile communication network said random number field which includes said calculation information element, whereinsaid subscriber identity module initiates said authentication calculation based on said calculation information element including information separate from the random numbers specifying said algorithm and secret information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to the present invention, a subscriber identity module in a wireless local area network is authenticated using an authentication vector with no decrease in the confidentiality of the calculation processing, even when a triplet is employed as the authentication vector. An HLR of a mobile communication network comprises an attachment unit for attaching to a RAND field of an authentication vector, which is used to authenticate an SIM in a wireless local area network, information specifying calculation information that is constituted by at least one of an algorithm and secret information for use in the authentication calculation. The SIM, which is mounted on a wireless LAN terminal, comprises a calculation information storage unit storing in advance a plurality of the calculation information, a specification unit for specifying the calculation information to be used in the calculation from the plurality of calculation information stored in the calculation information storage unit by referring to information specifying the calculation information, and a calculation unit for performing the calculation on the basis of the specified calculation information.

24 Citations

View as Search Results

20 Claims

1. An authentication vector generation device comprising:
- authentication vector generating means for generating an authentication vector used to authenticate a subscriber identity module in a wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
  
  attaching means for attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from the random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and
  
  transmitting means for transmitting to said mobile communication network said random number field which includes said calculation information element, whereinsaid subscriber identity module initiates said authentication calculation based on said calculation information element including information separate from the random numbers specifying said algorithm and secret information.
- View Dependent Claims (2, 3, 4)
- - 2. The authentication vector generation device according to claim 1, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.
  - 3. The authentication vector generation device according to claim 1, whereinthe authentication vector generated by the authentication vector generation means includes second secret information,the secret information of the calculation information element is distinct from the second secret information of the authentication vector, andthe secret information of the calculation information element is an auxiliary key that is a secret key used in the authentication calculation.
  - 4. The authentication vector generation device according to claim 1, wherein the calculation information element is encrypted.

5. A subscriber identity module mounted on subscriber side terminal equipment that is capable of connecting to a wireless local area network, comprising:
- calculation information storage means storing in advance a plurality of calculation information elements including information specifying an algorithm and secret information having a predetermined number of bits for use in an authentication calculation to authenticate said subscriber identity module, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
  
  reception means for receiving data including a calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information specifying an algorithm and secret information inside a random number field storing random numbers for use in said authentication calculation, said random number field being provided in an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, and information specifying said algorithm and secret information being separate from said random numbers stored in the random number field;
  
  specifying means for specifying a calculation information element, to be used in said authentication calculation, from said plurality of calculation information elements stored in said calculation information storage means by referring to said at least one calculation information element attached inside said random number field, included in said received data;
  
  calculating means for initiating said authentication calculation on the basis of said at least one calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and for performing said authentication calculation using said received data; and
  
  transmitting means for transmitting information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
- View Dependent Claims (6)
- - 6. The subscriber identity module according to claim 5, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.

7. A wireless communication system comprising:
- an authentication vector generation device; and
  
  a subscriber identity module mounted on subscriber side terminal equipment which is capable of connecting to a wireless local area network,said authentication vector generation device including,authentication vector generating means for generating an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
  
  attaching means for attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from the random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and
  
  transmitting means for transmitting to said mobile communication network said random number field which includes said calculation information element, andsaid subscriber identity module including,calculation information storage means storing in advance a plurality of calculation information elements for use in said authentication calculation to authenticate said subscriber identity module;
  
  reception means for receiving data including said calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information separate from said random numbers specifying an algorithm and secret information inside said random number field of said authentication vector used to authenticate said subscriber identity module in said wireless local area network;
  
  specifying means for specifying a calculation information element, to be used in said authentication calculation, from said plurality of calculation information elements stored in said calculation information storage means by referring to said at least one calculation information element attached inside said random number field, included in said received data;
  
  calculating means for initiating said authentication calculation on the basis of said at least one calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and for performing said authentication calculation using said received data; and
  
  transmitting means for transmitting information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
- View Dependent Claims (8)
- - 8. The wireless communication system according to claim 7, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.

9. An authentication vector generation method in an authentication vector generation device, comprising:
- generating an authentication vector used to authenticate a subscriber identity module in a wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
  
  attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from the random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
  
  transmitting to said mobile communication network said random number field which includes said calculation information element; and
  
  initiating, in said subscriber identity module, said authentication calculation based on said calculation information element including information separate from said random numbers specifying said algorithm and secret information.
- View Dependent Claims (10)
- - 10. The authentication vector generation method according to claim 9, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.

11. A calculation method in a subscriber identity module which is mounted on subscriber side terminal equipment that is capable of connecting to a wireless local area network, said calculation method comprising:
- storing, in advance, a plurality of calculation information elements, each calculation information element including an algorithm and secret information having a predetermined number of bits to be used in an authentication calculation to authenticate said subscriber identity module, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
  
  receiving data including a calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information specifying an algorithm and secret information inside a random number field storing random numbers for use in said calculation, said random number field being provided in an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, and said information specifying said algorithm and secret information being separate from said random numbers stored in the random number field;
  
  specifying a calculation information element, to be used in said authentication calculation, from said stored plurality of calculation information elements by referring to said at least one calculation information element attached inside said random number field included in said received data;
  
  initiating said authentication calculation on the basis of said at least one specified calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and for performing said authentication calculation using said received data; and
  
  transmitting information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
- View Dependent Claims (12)
- - 12. The calculation method in a subscriber identity module according to claim 11, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.

13. A subscriber authentication method in a wireless communication system comprising an authentication vector generation device, and a subscriber identity module mounted on subscriber side terminal equipment that is capable of connecting to a wireless local area network, said subscriber authentication method comprises:
- storing, in advance, a plurality of calculation information elements, each calculation information element including an algorithm and secret information having a predetermined number of bits to be used in an authentication calculation to authenticate said subscriber identity module, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
  
  generating an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in said authentication calculation performed in said subscriber identity module;
  
  attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from said random numbers stored in the random number field, specifying an algorithm and secret information to be used in said authentication calculation;
  
  receiving data for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching said calculation information element including information separate from said random numbers specifying an algorithm and secret information inside said random number field of said authentication vector used to authenticate said subscriber identity module in said wireless local area network;
  
  specifying said calculation information element, to be used in said authentication calculation, from said stored plurality of calculation information elements by referring to said calculation information element attached inside said random number field included in said received data;
  
  initiating said authentication calculation on the basis of said specified calculation information element including said algorithm and said secret information, and for performing said authentication calculation using said received data; and
  
  transmitting information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
- View Dependent Claims (14)
- - 14. The subscriber authentication method according to claim 13, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.

15. An authentication vector generation device comprising:
- an authentication vector generating device configured to generate an authentication vector used to authenticate a subscriber identity module in a wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
  
  an attaching device configured to attach inside said random number field of said generated authentication vector, a calculation information element including information, separate from said random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and
  
  a transmitter configured to transmit to said mobile communication network said random number field which includes said calculation information element, whereinsaid subscriber identity module initiates said authentication calculation based on said calculation information element including information separate from said random numbers specifying said algorithm and secret information for use in said authentication calculation.
- View Dependent Claims (16)
- - 16. The authentication vector generation device according to claim 15, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.

17. A subscriber identity module mounted on subscriber side terminal equipment that is capable of connecting to a wireless local area network, comprising:
- a calculation information storage device configured to store in advance a plurality of calculation information elements, each calculation information element including an algorithm and secret information having a predetermined number of bits for use in an authentication calculation to authenticate said subscriber identity module, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
  
  a reception device configured to receive data including a calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information specifying an algorithm and secret information inside a random number field storing random numbers for use in said authentication calculation, said random number field being provided in an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, and said information specifying said algorithm and secret information being separate from said random numbers stored in the random number field;
  
  a specifying device configured to specify a calculation information element, to be used in said authentication calculation, from said plurality of calculation information elements stored in said calculation information storage device by referring to said at least one calculation information element attached inside said data of said random number field included in said received data;
  
  a calculating device configured to initiate said authentication calculation on the basis of said at least one calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and to perform said authentication calculation using said received data; and
  
  a transmitting device configured to transmit information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
- View Dependent Claims (18)
- - 18. The subscriber identity module according to claim 17, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.

19. A wireless communication system comprising:
- an authentication vector generation device;
  
  and a subscriber identity module mounted on subscriber side terminal equipment which is capable of connecting to a wireless local area network,said authentication vector generation device including,an authentication vector generating device configured to generate an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
  
  an attaching device configured to attach inside said random number field of said generated authentication vector, a calculation information element including information, separate from said random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and
  
  a transmitting device configured to transmit to said mobile communication network said random number field which includes said calculation information element, andsaid subscriber identity module including,a calculation information storage device configured to store in advance a plurality of calculation information elements for use in said authentication calculation to authenticate said subscriber identity module;
  
  a reception device configured to receive data including said calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information separate from said random numbers specifying an algorithm and secret information inside said random number field of said authentication vector used to authenticate said subscriber identity module in said wireless local area network;
  
  a specifying device configured to specify said calculation information element, to be used in said authentication calculation, from said plurality of calculation information elements stored in said calculation information storage device by referring to said at least one calculation information element attached inside said random number field, included in said received data;
  
  a calculating device configured to initiate said authentication calculation on the basis of said at least one calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and to perform said authentication calculation using said received data; and
  
  a transmitting device configured to transmit information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
- View Dependent Claims (20)
- - 20. The wireless communication system according to claim 19, wherein the information specifying said algorithm and said secret information is arranged in a character string separate from said random numbers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Original Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Inventors
Ishikawa, Hidetoshi
Primary Examiner(s)
Bost, Dwayne
Assistant Examiner(s)
MEHRA, INDER P

Application Number

US11/332,534
Publication Number

US 20060172723A1
Time in Patent Office

2,149 Days
Field of Search

455410-411, 455/432.1, 455/433, 455/435.1, 455/552.1, 370/252, 370/278, 370/338, 370/352, 370/353, 370/356, 370/386, 370/389, 370/401, 713/151, 713/155, 713/168, 713/169, 713/171, 713/182, 380/33, 380/247, 380258-259, 380270-280
US Class Current

455/410
CPC Class Codes

H04L 63/0853   using an additional device,...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 84/12   WLAN [Wireless Local Area N...

Authentication vector generation device, subscriber identity module, wireless communication system, authentication vector generation method, calculation method, and subscriber authentication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication vector generation device, subscriber identity module, wireless communication system, authentication vector generation method, calculation method, and subscriber authentication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links