Method and apparatus for providing authentication in a communication system
Abstract
A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).
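The exchange in the abstract, sketched as an added example that is not taken from the patent. The patent text here names no algorithms, so HMAC-SHA-256 and the toy encrypt-then-MAC key wrap are stand-ins, the subscriber key `K` shared by mobile station and authentication agent is an assumption, and all function, class and constant names are hypothetical.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Stand-in PRF (assumption): the page does not name its algorithms.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def derive(k: bytes, rs: bytes, rand: bytes):
    """Response and derived cipher key (DCK) from K, random seed, random number."""
    ks = prf(k, b"ks", rs)
    return prf(ks, b"res", rand)[:8], prf(ks, b"dck", rand)[:16]

def wrap(intrakey: bytes, dck: bytes) -> bytes:
    # Toy encrypt-then-MAC stand-in for a real AEAD or key-wrap algorithm.
    nonce = secrets.token_bytes(12)
    pad = prf(intrakey, b"enc", nonce)[:len(dck)]
    ct = bytes(a ^ b for a, b in zip(dck, pad))
    return nonce + ct + prf(intrakey, b"mac", nonce + ct)

def unwrap(intrakey: bytes, blob: bytes):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(intrakey, b"mac", nonce + ct)):
        return None  # wrong pool key or tampered blob
    pad = prf(intrakey, b"enc", nonce)[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, pad))

class AuthAgent:
    def __init__(self, subscriber_k: bytes, intrakey: bytes):
        self.k, self.intrakey, self.stored_dck = subscriber_k, intrakey, None

    def challenge(self):
        self.rs, self.rand = secrets.token_bytes(10), secrets.token_bytes(10)
        self.xres, self.dck = derive(self.k, self.rs, self.rand)
        return self.rand, self.rs

    def verify(self, res: bytes):
        if not hmac.compare_digest(res, self.xres):
            return None                    # mismatch: no key material released
        self.stored_dck = self.dck         # agent keeps its copy
        return wrap(self.intrakey, self.dck)

def run(ms_k: bytes, agent: AuthAgent, bs_intrakey: bytes):
    """Base station relays; returns (DCK at mobile station, DCK at base station)."""
    rand, rs = agent.challenge()           # agent -> base station -> mobile station
    res, ms_dck = derive(ms_k, rs, rand)   # computed inside the mobile station
    blob = agent.verify(res)               # mobile station -> base station -> agent
    return ms_dck, (unwrap(bs_intrakey, blob) if blob else None)

K, POOL1, POOL2 = b"k" * 16, b"1" * 32, b"2" * 32  # constructed sample keys
```

The base station only ever handles the random number, the random seed, the response and the wrapped key; a base station holding a different pool's intrakey gets `None` from `unwrap`, and a failed comparison releases no key material at all.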
41 Claims
1. A method comprising the steps of:
generating a random number, an expected response, and a derived cipher key associated with securing air interface communications with a mobile station;
forwarding the random number and a random seed to a base station that is located in a first pool of devices, wherein the first pool is associated with an intrakey that is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key material that is distributed within the first pool;
receiving, from the base station, a response to the random number and the random seed;
comparing the response and the expected response; and
when the response matches the expected response, encrypting the derived cipher key using the intrakey and forwarding the encrypted derived cipher key to the base station and storing the derived cipher key at an authentication agent.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method performed by any of a base station that is located in a first pool of devices and comprising the steps of:
receiving an authentication request from a mobile station;
determining whether to forward the request to an authentication agent;
when it is determined to forward the request, forwarding the request to the authentication agent;
receiving a random number and a random seed from the authentication agent;
forwarding the random number and the random seed to the mobile station;
receiving a response to the random number and the random seed from the mobile station and forwarding the response to the authentication agent;
when the authentication agent authenticates the mobile station, receiving from the authentication agent a derived cipher key that is encrypted using an intrakey associated with the first pool, wherein the intrakey is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key material that is distributed within the first pool; and
encrypting messages to the mobile station and decrypting messages from the mobile station with the derived cipher key.
Dependent claims: 17, 18, 19, 20, 21, 22
23. A method comprising the steps of:
receiving, from a base station, a random number generated by a mobile station, wherein the base station is located in a first pool of devices, wherein the first pool is associated with an intrakey that is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key material that is distributed within the first pool;
using a random seed, generating a derived cipher key associated with securing air interface communications with the mobile station and a response to the random number and forwarding the random seed and the response to the base station;
when a positive authentication message is received from the base station, encrypting the derived cipher key using the intrakey and forwarding the encrypted derived cipher key to the base station and storing the derived cipher key at an authentication agent.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35
36. A method performed by a base station that is located in a first pool of devices and comprising the steps of:
receiving a random number from a mobile station;
forwarding the random number to an authentication agent;
receiving a response to the random number and a random seed from the authentication agent;
forwarding the response and the random seed to the mobile station;
when the mobile station authenticates the infrastructure, forwarding an authenticated message to the authentication agent;
receiving from the authentication agent a derived cipher key that is encrypted using an intrakey associated with the first pool, wherein the intrakey is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key material that is distributed within the first pool;
encrypting messages to the mobile station and decrypting messages from the mobile station with the derived cipher key.
Dependent claims: 37, 38, 39, 40, 41
Specification