Bootstrapping authentication using distinguished random challenges
First Claim
1. A mobile station for communicating in a wireless communications network, comprising:
a receiver configured to receive at least one authentication data parameter forming a first challenge value from the wireless communications network;
a memory configured to store a reserved challenge value, wherein the reserved challenge value is not transferred over a wireless communication link between the mobile station and the wireless communications network and is not used for initial authentication procedures;
a first processing circuit configured to store a secret key, to generate a first key based on the at least one received authentication data parameter and the secret key, and to generate a second key based on the reserved challenge value and the secret key and independent of data received over the wireless communication link; and
a second processing circuit configured to generate a third key, to use in the communication between the mobile station and the wireless communications network, using at least the first and second keys.
Abstract
A communications system and method of bootstrapping mobile station authentication and establishing a secure encryption key are disclosed. In one embodiment of the communications network, a distinguished random challenge is reserved for generation of a secure encryption key, wherein the distinguished random challenge is not used for authentication of a mobile station. The distinguished random challenge is stored at a mobile station's mobile equipment and used to generate a secure encryption key, and a bootstrapping function in the network uses a normal random challenge to authenticate the mobile station and the distinguished random challenge to generate the secure encryption key.
23 Claims
9. A mobile element of a wireless communications network, the wireless communications network comprising a plurality of mobile elements and a plurality of network elements communicating with the mobile elements, wherein the mobile element is configured to authenticate itself to the wireless communications network by responding to a challenge value presented to the mobile element by a network element of the wireless communications network during a challenge response authentication procedure, and wherein the mobile element comprises a memory configured to store a reserved challenge value used in combination with a secret key stored in a secure integrated circuit to generate a key independent of data received over a wireless communication link between the mobile element and the network element, where the key is used in communication between the mobile element and a network element, wherein the reserved challenge value is not transferred over the wireless communication link between the mobile element and the network element and is not used for initial authentication procedures.
15. A method of creating keys in a communication network that uses a challenge response authentication procedure, the method comprising:
receiving at least one authentication challenge value, wherein the authentication challenge value is used in the challenge response authentication procedure;
reserving at least one challenge value in a memory of a mobile unit, wherein the reserved challenge value is not used for initial authentication procedures and is not transferred over a wireless communication link between mobile units and network elements within the communication network; and
generating session keys with the mobile unit to be used in communication between the mobile unit and network elements within the communication network, the session keys being generated using a first key and a second key, wherein the first key is generated by a secure integrated circuit based on the at least one authentication challenge value in combination with a secret key stored in the secure integrated circuit and the second key is generated by the secure integrated circuit based on the reserved challenge value in combination with the secret key and independent of data received over the wireless communication link.
16. A method of generating a key at a mobile station for securing communication between the mobile station and a network element, the method comprising:
receiving a first challenge value as part of a challenge response authentication procedure from the network element at the mobile station;
sending the first challenge value to a secure integrated circuit;
generating a first key using at least the first challenge value and a secret key stored at the secure integrated circuit;
sending the first key to the network element for authentication;
sending a reserved challenge value to the secure integrated circuit, wherein the reserved challenge value is stored in a memory of the mobile station and is not transferred over a wireless communication link between the mobile station and the network element and is not used for initial authentication procedures;
generating a second key using at least the reserved challenge value and the secret key and independent of data received over the wireless communication link; and
generating the key for secure communication using at least the first key and at least the second key.
22. A mobile station in a communications network, the mobile station comprising:
means for receiving an authentication challenge value as part of a challenge response authentication procedure from the communications network;
means for generating a first key using the received authentication challenge value and a secret key stored in a secure integrated circuit;
means for generating a second key in response to using the secret key and a distinguished authentication challenge value stored in a memory of the mobile station and independent of data received over a wireless communication link between the mobile station and the communications network, the distinguished authentication challenge value employed in generating keys to be used in communication between the mobile station and a network element, wherein the distinguished authentication challenge value is not transferred over the wireless communication link between the mobile station and the communications network and is not used for initial authentication procedures; and
means for generating a third key using at least the first key and at least the second key.
23. A non-transitory machine-readable medium comprising instructions for a mobile station for communicating in a wireless communications network, which when executed by at least one processor cause the at least one processor to:
receive at least one authentication data parameter forming a first challenge value from the wireless communications network;
generate a first key based on the at least one received authentication data parameter and a secret key that is stored in a first processing circuit;
generate a second key based on a reserved challenge value and the secret key and independent of data received over a wireless communications network between the mobile station and the wireless communications network, wherein the reserved challenge value is stored in memory and is not transferred over the wireless communication link and is not used for initial authentication procedures; and
generate a third key, to use in the communication between the mobile station and the wireless communications network, using at least the first and second keys.
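As an added example (not the patent's own text or any vendor's implementation), the following Python simulates the key bootstrapping of claims 15 and 16: the secure integrated circuit answers both the over-the-air challenge and the locally stored reserved challenge, and the network's bootstrapping function, which shares the secret key and the reserved challenge out of band, reproduces the third key only after the normal challenge has authenticated the mobile station. The HMAC-SHA256 challenge-response function, the third-key combiner and the sample values are assumptions; the patent fixes none of them.

```python
# Added example, not from the patent: simulation of the two-challenge key
# bootstrapping of claims 15 and 16. The secure IC's algorithm and the
# third-key derivation are assumptions, modelled here with HMAC-SHA256.
import hmac
import hashlib


class SecureIC:
    """Models the secure integrated circuit: holds the secret key, answers challenges."""

    def __init__(self, secret_key: bytes) -> None:
        self._secret_key = secret_key  # never leaves the IC

    def respond(self, challenge: bytes) -> bytes:
        # Assumed challenge-response function; the patent does not fix one.
        return hmac.new(self._secret_key, challenge, hashlib.sha256).digest()


def derive_third_key(first_key: bytes, second_key: bytes) -> bytes:
    """Assumed combiner producing the third (session) key from the first and second keys."""
    return hmac.new(first_key + second_key, b"session-key", hashlib.sha256).digest()


class MobileStation:
    def __init__(self, ic: SecureIC, reserved_challenge: bytes) -> None:
        self.ic = ic
        # Held in mobile equipment memory; never transmitted, never used to authenticate.
        self.reserved_challenge = reserved_challenge

    def authenticate_and_derive(self, first_challenge: bytes):
        first_key = self.ic.respond(first_challenge)           # sent to the network (claim 16)
        second_key = self.ic.respond(self.reserved_challenge)  # computed locally, stays local
        return first_key, derive_third_key(first_key, second_key)


class BootstrappingFunction:
    """Network side: shares the secret key (via the AuC) and the reserved challenge."""

    def __init__(self, secret_key: bytes, reserved_challenge: bytes) -> None:
        self.ic = SecureIC(secret_key)
        self.reserved_challenge = reserved_challenge

    def run(self, first_challenge: bytes, first_key_from_ms: bytes):
        # Authenticate with the normal challenge only; reject on mismatch.
        if not hmac.compare_digest(self.ic.respond(first_challenge), first_key_from_ms):
            return None
        second_key = self.ic.respond(self.reserved_challenge)
        return derive_third_key(first_key_from_ms, second_key)


# Constructed sample values for a stand-alone run (not real key material).
SECRET_KEY = bytes(range(16))
RESERVED_CHALLENGE = b"distinguished-RAND-sample"
```

An observer of the link sees only the first challenge and the first key; without the reserved challenge and the secret key it cannot form the second key, so the third key stays out of reach even though the first key was exposed.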
Specification