Authentication vector generation device, subscriber identity module, wireless communication system, authentication vector generation method, calculation method, and subscriber authentication method
Abstract
According to the present invention, a subscriber identity module in a wireless local area network is authenticated using an authentication vector with no decrease in the confidentiality of the calculation processing, even when a triplet is employed as the authentication vector. An HLR of a mobile communication network comprises an attachment unit for attaching to a RAND field of an authentication vector, which is used to authenticate an SIM in a wireless local area network, information specifying calculation information that is constituted by at least one of an algorithm and secret information for use in the authentication calculation. The SIM, which is mounted on a wireless LAN terminal, comprises a calculation information storage unit storing in advance a plurality of the calculation information, a specification unit for specifying the calculation information to be used in the calculation from the plurality of calculation information stored in the calculation information storage unit by referring to information specifying the calculation information, and a calculation unit for performing the calculation on the basis of the specified calculation information.
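The mechanism in the abstract, sketched as an added example that is not taken from the patent. The one-octet selector position, the HMAC stand-ins for the operator's algorithms, the table contents and all function names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib  # provides the digests hmac selects by name
import hmac
import os

RAND_LEN = 16      # RAND field of a GSM triplet: 128 bits
SELECTOR_LEN = 1   # assumption: first octet carries the calculation information
# With this assumed layout, 120 of the 128 RAND bits remain random.

# Constructed table, stored in advance in both the HLR record and the SIM.
# selector -> (stand-in algorithm, secret). The secret length differs per
# algorithm, as the claims require.
CALC_INFO = {
    0x01: ("sha1", bytes.fromhex("00112233445566778899aabbccddeeff")),  # 128-bit
    0x02: ("sha256", bytes.fromhex(
        "0f1e2d3c4b5a69788796a5b4c3d2e1f00123456789abcdef")),           # 192-bit
}


def _calculate(selector: int, rand: bytes) -> tuple[bytes, bytes]:
    """Run the selected stand-in algorithm; return (SRES 32 bits, Kc 64 bits)."""
    digest_name, secret = CALC_INFO[selector]
    out = hmac.new(secret, rand, digest_name).digest()
    return out[:4], out[4:12]


def hlr_generate_triplet(selector: int) -> tuple[bytes, bytes, bytes]:
    """HLR side: attach the selector inside RAND, then derive the triplet."""
    if selector not in CALC_INFO:
        raise ValueError("selector not provisioned for this subscriber")
    rand = bytes([selector]) + os.urandom(RAND_LEN - SELECTOR_LEN)
    sres, kc = _calculate(selector, rand)
    return rand, sres, kc


def sim_run_calculation(rand: bytes) -> tuple[bytes, bytes]:
    """SIM side: read the selector from RAND, pick the stored element, calculate."""
    if len(rand) != RAND_LEN:
        raise ValueError("RAND must be 16 octets")
    selector = rand[0]
    if selector not in CALC_INFO:
        # Fail closed: never fall back to a default algorithm or key.
        raise ValueError("unknown calculation information element")
    return _calculate(selector, rand)


if __name__ == "__main__":
    rand, sres, kc = hlr_generate_triplet(0x02)
    print("RAND:", rand.hex())
    print("SIM result matches HLR:", sim_run_calculation(rand) == (sres, kc))
```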
20 Claims
1. An authentication vector generation device comprising:
authentication vector generating means for generating an authentication vector used to authenticate a subscriber identity module in a wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
attaching means for attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from the random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and
transmitting means for transmitting to said mobile communication network said random number field which includes said calculation information element, wherein said subscriber identity module initiates said authentication calculation based on said calculation information element including information separate from the random numbers specifying said algorithm and secret information.
5. A subscriber identity module mounted on subscriber side terminal equipment that is capable of connecting to a wireless local area network, comprising:
calculation information storage means storing in advance a plurality of calculation information elements including information specifying an algorithm and secret information having a predetermined number of bits for use in an authentication calculation to authenticate said subscriber identity module, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
reception means for receiving data including a calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information specifying an algorithm and secret information inside a random number field storing random numbers for use in said authentication calculation, said random number field being provided in an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, and information specifying said algorithm and secret information being separate from said random numbers stored in the random number field;
specifying means for specifying a calculation information element, to be used in said authentication calculation, from said plurality of calculation information elements stored in said calculation information storage means by referring to said at least one calculation information element attached inside said random number field, included in said received data;
calculating means for initiating said authentication calculation on the basis of said at least one calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and for performing said authentication calculation using said received data; and
transmitting means for transmitting information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
7. A wireless communication system comprising:
an authentication vector generation device; and
a subscriber identity module mounted on subscriber side terminal equipment which is capable of connecting to a wireless local area network,
said authentication vector generation device including,
authentication vector generating means for generating an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
attaching means for attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from the random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and
transmitting means for transmitting to said mobile communication network said random number field which includes said calculation information element, and
said subscriber identity module including,
calculation information storage means storing in advance a plurality of calculation information elements for use in said authentication calculation to authenticate said subscriber identity module;
reception means for receiving data including said calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information separate from said random numbers specifying an algorithm and secret information inside said random number field of said authentication vector used to authenticate said subscriber identity module in said wireless local area network;
specifying means for specifying a calculation information element, to be used in said authentication calculation, from said plurality of calculation information elements stored in said calculation information storage means by referring to said at least one calculation information element attached inside said random number field, included in said received data;
calculating means for initiating said authentication calculation on the basis of said at least one calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and for performing said authentication calculation using said received data; and
transmitting means for transmitting information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
9. An authentication vector generation method in an authentication vector generation device, comprising:
generating an authentication vector used to authenticate a subscriber identity module in a wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from the random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
transmitting to said mobile communication network said random number field which includes said calculation information element; and
initiating, in said subscriber identity module, said authentication calculation based on said calculation information element including information separate from said random numbers specifying said algorithm and secret information.
11. A calculation method in a subscriber identity module which is mounted on subscriber side terminal equipment that is capable of connecting to a wireless local area network, said calculation method comprising:
storing, in advance, a plurality of calculation information elements, each calculation information element including an algorithm and secret information having a predetermined number of bits to be used in an authentication calculation to authenticate said subscriber identity module, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
receiving data including a calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information specifying an algorithm and secret information inside a random number field storing random numbers for use in said calculation, said random number field being provided in an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, and said information specifying said algorithm and secret information being separate from said random numbers stored in the random number field;
specifying a calculation information element, to be used in said authentication calculation, from said stored plurality of calculation information elements by referring to said at least one calculation information element attached inside said random number field included in said received data;
initiating said authentication calculation on the basis of said at least one specified calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and for performing said authentication calculation using said received data; and
transmitting information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
13. A subscriber authentication method in a wireless communication system comprising an authentication vector generation device, and a subscriber identity module mounted on subscriber side terminal equipment that is capable of connecting to a wireless local area network, said subscriber authentication method comprises:
storing, in advance, a plurality of calculation information elements, each calculation information element including an algorithm and secret information having a predetermined number of bits to be used in an authentication calculation to authenticate said subscriber identity module, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
generating an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in said authentication calculation performed in said subscriber identity module;
attaching, inside said random number field of said generated authentication vector, a calculation information element including information, separate from said random numbers stored in the random number field, specifying an algorithm and secret information to be used in said authentication calculation;
receiving data for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching said calculation information element including information separate from said random numbers specifying an algorithm and secret information inside said random number field of said authentication vector used to authenticate said subscriber identity module in said wireless local area network;
specifying said calculation information element, to be used in said authentication calculation, from said stored plurality of calculation information elements by referring to said calculation information element attached inside said random number field included in said received data;
initiating said authentication calculation on the basis of said specified calculation information element including said algorithm and said secret information, and for performing said authentication calculation using said received data; and
transmitting information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
15. An authentication vector generation device comprising:
an authentication vector generating device configured to generate an authentication vector used to authenticate a subscriber identity module in a wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
an attaching device configured to attach inside said random number field of said generated authentication vector, a calculation information element including information, separate from said random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and
a transmitter configured to transmit to said mobile communication network said random number field which includes said calculation information element, wherein said subscriber identity module initiates said authentication calculation based on said calculation information element including information separate from said random numbers specifying said algorithm and secret information for use in said authentication calculation.
17. A subscriber identity module mounted on subscriber side terminal equipment that is capable of connecting to a wireless local area network, comprising:
a calculation information storage device configured to store in advance a plurality of calculation information elements, each calculation information element including an algorithm and secret information having a predetermined number of bits for use in an authentication calculation to authenticate said subscriber identity module, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element;
a reception device configured to receive data including a calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information specifying an algorithm and secret information inside a random number field storing random numbers for use in said authentication calculation, said random number field being provided in an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, and said information specifying said algorithm and secret information being separate from said random numbers stored in the random number field;
a specifying device configured to specify a calculation information element, to be used in said authentication calculation, from said plurality of calculation information elements stored in said calculation information storage device by referring to said at least one calculation information element attached inside said data of said random number field included in said received data;
a calculating device configured to initiate said authentication calculation on the basis of said at least one calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and to perform said authentication calculation using said received data; and
a transmitting device configured to transmit information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
19. A wireless communication system comprising:
an authentication vector generation device; and
a subscriber identity module mounted on subscriber side terminal equipment which is capable of connecting to a wireless local area network,
said authentication vector generation device including,
an authentication vector generating device configured to generate an authentication vector used to authenticate said subscriber identity module in said wireless local area network connected to a mobile communication network, said authentication vector having a random number field for storing random numbers used in an authentication calculation performed in said subscriber identity module;
an attaching device configured to attach inside said random number field of said generated authentication vector, a calculation information element including information, separate from said random numbers stored in the random number field, specifying an algorithm and secret information having a predetermined number of bits for use in said authentication calculation, the number of bits of the secret information being set differently for each of a plurality of algorithms specified by the calculation information element; and
a transmitting device configured to transmit to said mobile communication network said random number field which includes said calculation information element, and
said subscriber identity module including,
a calculation information storage device configured to store in advance a plurality of calculation information elements for use in said authentication calculation to authenticate said subscriber identity module;
a reception device configured to receive data including said calculation information element for use in said authentication calculation, said data being transmitted from said subscriber side terminal equipment by attaching at least one calculation information element including information separate from said random numbers specifying an algorithm and secret information inside said random number field of said authentication vector used to authenticate said subscriber identity module in said wireless local area network;
a specifying device configured to specify said calculation information element, to be used in said authentication calculation, from said plurality of calculation information elements stored in said calculation information storage device by referring to said at least one calculation information element attached inside said random number field, included in said received data;
a calculating device configured to initiate said authentication calculation on the basis of said at least one calculation information element including information separate from said random numbers specifying said algorithm and said secret information, and to perform said authentication calculation using said received data; and
a transmitting device configured to transmit information regarding a calculated result of said authentication calculation to said subscriber side terminal equipment.
Specification