Authenticating mobile network provider equipment

US 20070186108A1
Filed: 09/05/2006
Published: 08/09/2007
Est. Priority Date: 02/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method of providing mobile network security, comprising:

registering a first mobile network provider equipment using a secret data that is known to a registration entity with which the first mobile network provider equipment is configured to register and embodied in a physical device associated with the first mobile network provider equipment in a manner that enables the physical device to be used to perform a cryptographic function using the secret data but prevents the physical device from being used to provide the secret data as output; and

receiving from the registration entity an encryption data usable to communicate securely with a second mobile network provider equipment over a packet data network.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing mobile network security is disclosed. A first mobile network provider equipment registers using a secret data that is known to a registration entity with which the first mobile network provider equipment is configured to register and embodied in a physical device associated with the first mobile network provider equipment in a manner that enables the physical device to be used to perform a cryptographic function using the secret data but prevents the physical device from being used to provide the secret data as output. An encryption data usable to communicate securely with a second mobile network provider equipment over a packet data network is received from the registration entity.

Citations

31 Claims

1. A method of providing mobile network security, comprising:
- registering a first mobile network provider equipment using a secret data that is known to a registration entity with which the first mobile network provider equipment is configured to register and embodied in a physical device associated with the first mobile network provider equipment in a manner that enables the physical device to be used to perform a cryptographic function using the secret data but prevents the physical device from being used to provide the secret data as output; and
  
  receiving from the registration entity an encryption data usable to communicate securely with a second mobile network provider equipment over a packet data network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A method as recited in claim 1, wherein the encryption data comprises one or more keys.
  - 3. A method as recited in claim 2, wherein the one or more keys comprise one or more session keys.
  - 4. A method as recited in claim 1, wherein the first mobile network provider equipment and the second mobile network provider equipment are used in providing mobile network service to a mobile handset.
  - 5. A method as recited in claim 1, wherein the physical device comprises a smart card.
  - 6. A method as recited in claim 1, wherein the first mobile network provider equipment is a base transceiver station.
  - 7. A method as recited in claim 1, wherein the packet data network is used as a backhaul of a mobile network.
  - 8. A method as recited in claim 1, further comprising receiving a Uniform Resource Locator (URL) or an Internet Protocol (IP) address that can be used by the first mobile network provider equipment to locate the second mobile network provider equipment.
  - 9. A method as recited in claim 1, wherein registering the first mobile network provider equipment includes establishing a secure connection between the first network provider equipment and the registration entity.
  - 10. A method as recited in claim 9, wherein the secure connection comprises Secure Socket Layer (SSL) or other privacy-protected session.
  - 11. A method as recited in claim 1, wherein the second network provider equipment comprises a base station controller.
  - 12. A method as recited in claim 1, wherein the second network provider equipment comprises an entity forwarding data received from the first network provider equipment via the packet data network to a base station controller.
  - 13. A method as recited in claim 1, wherein the second network provider equipment and the registration entity are included in the same physical computing system.
  - 14. A method as recited in claim 13, wherein the second network provider equipment and the registration entity are both associated with different Internet Protocol (IP) addresses.
  - 15. A method as recited in claim 1, wherein the secret data is embodied in the physical device at a time the physical device is manufactured.
  - 16. A method as recited in claim 1, wherein the encryption data comprises one or more keys that can be used to communicate securely over the packet data network using at least one of the following protocols:
    - Secure Real-time Transport Protocol (S-RTP) and Stream Control Transmission Protocol (SCTP).
  - 17. A method as recited in claim 1, wherein registering the first mobile network provider equipment using the secret data includes sending to the registration entity a random value, receiving from the registration entity a response to the random value, using the physical device to perform a computation using the secret data and the random value, comparing the result of the computation with the received response, and concluding the registration entity is trustworthy if the received response matches the result of the computation.
  - 18. A method as recited in claim 1, wherein registering the first mobile network provider equipment using the secret data includes receiving from the registration entity a random value, performing a computation using the physical device and the random value, and sending to the registration entity a result of the computation.
  - 19. A method as recited in claim 1, wherein the encryption data is associated with a prescribed or a specified lifetime.
  - 20. A method as recited in claim 1, wherein the encryption data is received both at the registration entity and at the second network provider equipment.
  - 21. A method as recited in claim 1, wherein encryption data is dynamically generated by the registration sever.

22. A system for providing mobile network security, comprising:
- a physical device in which a secret data is embodied in a manner enables the physical device to be used to perform a cryptographic function using the secret data but prevents the physical device from being used to provide the secret data as output;
  
  a processor configured to use the physical device to register the system with a registration entity to which the secret data is known, including by using the secret data to perform the cryptographic function; and
  
  a communication interface configured to receive from the registration entity an encryption data usable to communicate securely with a mobile network provider equipment over a packet data network.
- View Dependent Claims (23, 24, 25, 26)
- - 23. A system as recited in claim 22, the communication interface is further configured to receive from the registration entity a Uniform Resource Locator (URL) or an Internet Protocol (IP) address that can be to locate the mobile network provider equipment.
  - 24. A system as recited in claim 22, wherein the physical device comprises a smart card.
  - 25. A system as recited in claim 22, wherein the system includes a base transceiver station.
  - 26. A system as recited in claim 22, wherein the encryption data comprises one or more keys that can be used to communicate securely over the packet data network using at least one of the following protocols:
    - Secure Real-time Transport Protocol (S-RTP) and Stream Control Transmission Protocol (SCTP).

27. A computer program product for providing mobile network security, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
- registering a first mobile network provider equipment using a secret data that is known to a registration entity with which the first mobile network provider equipment is configured to register and embodied in a physical device associated with the first mobile network provider equipment in a manner that enables the physical device to be used to perform a cryptographic function using the secret data but prevents the physical device from being used to provide the secret data as output; and
  
  receiving from the registration entity an encryption data usable to communicate securely with a second mobile network provider equipment over a packet data network.
- View Dependent Claims (28, 29, 30, 31)
- - 28. A computer program product as recited in claim 27, wherein the first mobile network provider equipment and the second mobile network provider equipment are used in providing mobile network service to a mobile handset.
  - 29. A computer program product as recited in claim 27, wherein the physical device comprises a smart card.
  - 30. A computer program product as recited in claim 27, wherein the first mobile network provider equipment is a base transceiver station.
  - 31. A computer program product as recited in claim 27, wherein the encryption data comprises one or more keys that can be used to communicate securely over the packet data network using at least one of the following protocols:
    - Secure Real-time Transport Protocol (S-RTP) and Stream Control Transmission Protocol (SCTP).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
RadioFrame Networks, Inc. (Motorola Solutions, Inc.)
Inventors
Zhang, Yan, Stevens, William M., Sukumaran, Jayesh, Wahlstrom, Donald P., Passarella, Rossano

Granted Patent

US 7,831,237 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 61/5014   using dynamic host configur...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 9/0844   with user authentication or...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

H04W 60/00   Affiliation to network, e.g...

H04W 8/26   Network addressing or numbe...

H04W 88/08   Access point devices

H04W 88/12   Access point controller dev...

H04W 92/12   between access points and a...

Authenticating mobile network provider equipment

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating mobile network provider equipment

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links