Increased security during network entry of wireless communication devices

US 8,359,470 B1
Filed: 07/20/2009
Issued: 01/22/2013
Est. Priority Date: 07/20/2009
Status: Active Grant

First Claim

Patent Images

1. A method of operating a wireless communication system, the method comprising:

exchanging wireless communications between a wireless access node and a wireless communication device to perform a network entry process, wherein the network entry process comprises at least a capability exchange phase and a subsequent authentication exchange phase;

monitoring performance characteristics of a wireless link between the wireless communication device and the wireless access node carrying the wireless communications of the network entry process;

during the capability exchange phase, transferring a capability negotiation message from the wireless communication device, and receiving the capability negotiation message in the wireless access node;

during the authentication exchange phase, transferring an authentication key associated with the wireless communication device and a digital signature for the capability negotiation message from the wireless communication device, and receiving the authentication key associated with the wireless communication device and the digital signature for the capability negotiation message in the wireless access node;

authenticating the capability negotiation message by processing the digital signature for the capability negotiation message and the authentication key associated with the wireless communication device;

detecting when the network entry process is discontinued if the capability negotiation message is not authentic; and

processing the performance characteristics and a time of when the network entry process is discontinued to determine if the performance characteristics at the time of when the network entry process is discontinued indicate a security breach on the wireless link.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

What is disclosed is a method of operating a wireless communication system. The method includes exchanging wireless communications between a wireless access node and a wireless communication device to perform a network entry process, where the network entry process comprises at least a capability exchange phase and a subsequent authentication exchange phase. The method also includes, during the capability exchange phase, transferring a capability negotiation message from the wireless communication device, and receiving the capability negotiation message in the wireless access node. The method also includes, during the authentication exchange phase, transferring an authentication key associated with the wireless communication device and a digital signature for the capability negotiation message from the wireless communication device, and receiving the authentication key associated with the wireless communication device and the digital signature for the capability negotiation message in the wireless access node. The method also includes authenticating the capability negotiation message by processing the digital signature for the capability negotiation message and the authentication key associated with the wireless communication device.

Citations

18 Claims

1. A method of operating a wireless communication system, the method comprising:
- exchanging wireless communications between a wireless access node and a wireless communication device to perform a network entry process, wherein the network entry process comprises at least a capability exchange phase and a subsequent authentication exchange phase;
  
  monitoring performance characteristics of a wireless link between the wireless communication device and the wireless access node carrying the wireless communications of the network entry process;
  
  during the capability exchange phase, transferring a capability negotiation message from the wireless communication device, and receiving the capability negotiation message in the wireless access node;
  
  during the authentication exchange phase, transferring an authentication key associated with the wireless communication device and a digital signature for the capability negotiation message from the wireless communication device, and receiving the authentication key associated with the wireless communication device and the digital signature for the capability negotiation message in the wireless access node;
  
  authenticating the capability negotiation message by processing the digital signature for the capability negotiation message and the authentication key associated with the wireless communication device;
  
  detecting when the network entry process is discontinued if the capability negotiation message is not authentic; and
  
  processing the performance characteristics and a time of when the network entry process is discontinued to determine if the performance characteristics at the time of when the network entry process is discontinued indicate a security breach on the wireless link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - continuing the network entry process if the capability negotiation message is authentic, and discontinuing the network entry process if the capability negotiation message is not authentic.
  - 3. The method of claim 1, further comprising:
    - determining a response to the capability negotiation message and a digital signature for the response to the capability negotiation message;
      
      during the capability exchange phase, transferring for delivery to the wireless communication device the response to the capability negotiation message, and receiving the response to the capability negotiation message in the wireless communication device;
      
      during the authentication exchange phase, transferring for delivery to the wireless communication device an authentication key associated with the wireless communication system and the digital signature for the response to the capability negotiation message, and receiving the authentication key associated with the wireless communication system and the digital signature for the response to the capability negotiation message in the wireless communication device; and
      
      in the wireless communication device, authenticating the response to the capability negotiation message based upon the digital signature for the response to the capability negotiation message and the authentication key associated with the wireless communication system.
  - 4. The method of claim 3, further comprising:
    - in the wireless communication device, continuing the network entry process if the response to the capability negotiation message is authentic, and discontinuing the network entry process if the response to the capability negotiation message is not authentic.
  - 5. The method of claim 3, wherein the digital signature for the capability negotiation message is based upon a private encryption key of the wireless communication device and the capability negotiation message, and wherein the digital signature for the response to the capability negotiation message is based upon a private encryption key of the wireless communication system and the response to the capability negotiation message.
  - 6. The method of claim 1, wherein the performance characteristics comprise a transmission delay of the wireless communications over the wireless link.
  - 7. The method of claim 1, wherein the security breach is a man-in-the-middle attack.
  - 8. The method of claim 1, wherein the capability negotiation message comprises a worldwide interoperability for microwave access (WiMAX) subscriber station basic capability request (SBC-REQ) message.
  - 9. The method of claim 1, wherein the authentication request message comprises a worldwide interoperability for microwave access (WiMAX) privacy key management request (PKM-REQ) message.

10. A wireless communication system, comprising:
- a wireless access node and a wireless communication device configured to perform a network entry process by exchanging wireless communications, wherein the network entry process comprises at least a capability exchange phase and a subsequent authentication exchange phase;
  
  the wireless access node configured to monitor performance characteristics of a wireless link between the wireless communication device and the wireless access node carrying the wireless communications of the network entry process;
  
  during the capability exchange phase, communication circuitry of the wireless communication device configured to transfer a capability negotiation message, and the wireless access node configured to receive the capability negotiation message;
  
  during the authentication exchange phase, the communication circuitry of the wireless communication device configured to transfer an authentication key associated with the wireless communication device and a digital signature for the capability negotiation message, and the wireless access node configured to receive the authentication key associated with the wireless communication device and the digital signature for the capability negotiation message;
  
  the wireless access node configured to authenticate the capability negotiation message by processing the digital signature for the capability negotiation message and the authentication key associated with the wireless communication device; and
  
  the wireless access node configured to detect when the network entry process is discontinued if the capability negotiation message is not authentic, and process the performance characteristics and a time of when the network entry process is discontinued to determine if the performance characteristics at the time of when the network entry process is discontinued indicate a security breach on the wireless link.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The wireless communication system of claim 10, comprising:
    - the wireless access node continues the network entry process if the capability negotiation message is authentic, and discontinues the network entry process if the capability negotiation message is not authentic.
  - 12. The wireless communication system of claim 10, comprising:
    - the wireless access node determines a response to the capability negotiation message and a digital signature for the response to the capability negotiation message;
      
      during the capability exchange phase, the wireless access node transfers the response to the capability negotiation message, and the wireless communication device receives the response to the capability negotiation message;
      
      during the authentication exchange phase, the wireless access node transfers an authentication key associated with the wireless communication system and the digital signature for the response to the capability negotiation message, and the wireless communication device receives the authentication key associated with the wireless communication system and the digital signature for the response to the capability negotiation message; and
      
      the wireless communication device authenticates the response to the capability negotiation message based upon the digital signature for the response to the capability negotiation message and the authentication key associated with the wireless communication system.
  - 13. The wireless communication system of claim 12, comprising:
    - the wireless communication device continues the network entry process if the response to the capability negotiation message is authentic, and discontinue the network entry process if the response to the capability negotiation message is not authentic.
  - 14. The wireless communication system of claim 12, wherein the digital signature for the capability negotiation message is based upon a private encryption key of the wireless communication device and the capability negotiation message, and wherein the digital signature for the response to the capability negotiation message is based upon a private encryption key of the wireless communication system and the response to the capability negotiation message.
  - 15. The wireless communication system of claim 10, wherein the performance characteristics comprise a transmission delay of the wireless communications over the wireless link.
  - 16. The wireless communication system of claim 10, wherein the security breach is a man-in-the-middle attack.
  - 17. The wireless communication system of claim 10, wherein the capability negotiation message comprises a worldwide interoperability for microwave access (WiMAX) subscriber station basic capability request (SBC-REQ) message.
  - 18. The wireless communication system of claim 10, wherein the authentication request message comprises a worldwide interoperability for microwave access (WiMAX) privacy key management request (PKM-REQ) message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Choi, Heesook
Primary Examiner(s)
ABYANEH, ALI S

Application Number

US12/505,885
Time in Patent Office

1,282 Days
Field of Search

713/170, 713/171, 380/247, 380/270
US Class Current

713/170
CPC Class Codes

H04L 63/126   the source of the received ...

H04L 63/1466   Active attacks involving in...

H04W 12/069   using certificates or pre-s...

H04W 12/106   Packet or message integrity

H04W 12/122   Counter-measures against at...

Increased security during network entry of wireless communication devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Increased security during network entry of wireless communication devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links