Method and apparatus for providing authentication in a communication system

US 7,123,719 B2
Filed: 02/16/2001
Issued: 10/17/2006
Est. Priority Date: 02/16/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising the steps of:

generating a random number, an expected response, and a derived cipher key associated with securing air interface communications with a mobile station;

forwarding the random number and a random seed to a base station that is located in a first pool devices, wherein the first pool is associated with an intrakey that is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key material that is distributed within the first pool;

receiving, from the base station, a response to the random number and the random seedcomparing the response and the expected response; and

when the response matches the expected response, encrypting the derived cipher key using the intrakey and forwarding the encrypted derived cipher key to the base station and storing the derived cipher key at an authentication agent.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).

84 Citations

View as Search Results

41 Claims

1. A method comprising the steps of:
- generating a random number, an expected response, and a derived cipher key associated with securing air interface communications with a mobile station;
  
  forwarding the random number and a random seed to a base station that is located in a first pool devices, wherein the first pool is associated with an intrakey that is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key material that is distributed within the first pool;
  
  receiving, from the base station, a response to the random number and the random seedcomparing the response and the expected response; and
  
  when the response matches the expected response, encrypting the derived cipher key using the intrakey and forwarding the encrypted derived cipher key to the base station and storing the derived cipher key at an authentication agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising the step of, when the response does not match the expected response, discarding the derived cipher key without encrypting the derived cipher key and forwarding the encrypted derived cipher key to the base station.
  - 3. The method of claim 2, further comprising the step of sending a failed authentication message to the base station.
  - 4. The method of claim 1, wherein the expected response is generated at least indirectly from the random number and the random seed.
  - 5. The method of claim 1, wherein the derived cipher key is generated at least indirectly from the random number and the random seed.
  - 6. The method of claim 1, wherein the derived cipher key is stored at a visited location register.
  - 7. The method of claim 6, wherein the derived cipher key is encrypted using the intrakey before being stored at the visited location register.
  - 8. The method of claim 1, wherein the derived cipher key is stored at a home location register.
  - 9. The method of claim 8, wherein the derived cipher key is encrypted using the intrakey before being stored at the home location register.
  - 10. The method of claim 1, wherein the steps are performed by a zone controller.
  - 11. The method of claim 1, wherein the steps are performed by a visited location register.
  - 12. The method of claim 1, wherein the response is generated by a mobile station.
  - 13. The method of claim 1, wherein the first pool comprises a first zone.
  - 14. The method of claim 1, wherein any of a base site and a TETRA site controller takes the place of the base station.
  - 15. The method of claim 1, further comprising the steps of:
    - receiving, from the base station, a second random number generated by the mobile station;
      
      generating a second derived cipher key and a second response to the second random number and forwarding the second response to the base station, the second derived cipher key also associated with securing the air interface communications with the mobile station;
      
      combining the derived cipher key and the second derived cipher key, yielding a third derived cipher key used for encrypting the air interface communications with the mobile station;
      
      when a positive authentication message is received from the base station, encrypting the third derived cipher key using the intrakey and forwarding the encrypted third derived cipher key to the base station.

16. A method performed by any of a base station that is located in a first pool of devices and comprising the steps of:
- receiving an authentication request from a mobile station;
  
  determining whether to forward the request to an authentication agent;
  
  when it is determined to forward the request, forwarding the request to the authentication agent;
  
  receiving a random number and a random seed from the authentication agent;
  
  forwarding the random number and the random seed to the mobile stationreceiving a response to the random number and the random seed from the mobile station and forwarding the response to the authentication agent;
  
  when the authentication agent authenticates the mobile station, receiving from the authentication agent a derived cipher key that is encrypted using an intrakey associated with the first pool, wherein the intrakey is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key material that is distributed within the first pool; and
  
  encrypting messages to the mobile station and decrypting messages from the mobile station with the derived cipher key.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16, further comprising the step of, when the authentication agent sends a negative authentication to the base station, forwarding the negative authentication to the mobile station.
  - 18. The method of claim 16, wherein the authentication agent is a zone controller.
  - 19. The method of claim 16, wherein the authentication agent is a visited location register.
  - 20. The method of claim 16, wherein the first pool comprises a first zone.
  - 21. The method of claim 16, wherein any of a base site and a TETRA site controller takes the place of the base station.
  - 22. The method of claim 16 further comprising the steps of:
    - receiving a second random number from the mobile station;
      
      forwarding the second random number to the authentication agent;
      
      receiving a second response to the second random number from the authentication agent;
      
      forwarding the second response to the mobile station;
      
      when the mobile station authenticates die infrastructure, forwarding am authenticated message to the authentication agent;
      
      receiving a second derived cipher key from the authentication agent, wherein the second derived cipher key is encrypted using the intrakey; and
      
      encrypting messages to The mobile station and decrypting messages from the mobile station with the second derived cipher key.

23. A method comprising the steps of:
- receiving, from a base station, a random number generated by a mobile station, wherein the base station is located in a first pool of devices, wherein the first pool is associated with an intra key that is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key materials that is distributed with first pool;
  
  using a random seed, generating a derived cipher key associated with securing air interface communications with the mobile station and a response to the random number and forwarding the random seed and the response to the base station;
  
  when a positive authentication message is received from the base station, encrypting the derived cipher key using the intrakey and forwarding the encrypted derived cipher key to the base station and storing the derived cipher key at an authentication agent.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 24. The method of claim 23, further comprising the step of, when a negative authentication message is received from the base station, discarding the derived cipher key without encrypting the derived cipher key and forwarding the encrypted derived cipher key to the base station.
  - 25. The method of claim 23, wherein the response is generated at least indirectly from the random number and the random seed.
  - 26. The method of claim 23, wherein the derived cipher key is generated at least indirectly from the random number and the random seed.
  - 27. The method of claim 23, wherein the derived cipher key is stored at a visited location register.
  - 28. The method of claim 27, wherein the derived cipher key is encrypted using the intrakey before being stored at the visited location register.
  - 29. The method of claim 23, wherein the derived cipher key is stored at a home location register.
  - 30. The method of claim 29, wherein the derived cipher key is encrypted using the intrakey before being stored at home location register.
  - 31. The method of claim 23, wherein the steps are performed by a zone controller.
  - 32. The method of claim 23, wherein the steps are performed by a visited location register.
  - 33. The method of claim 23, wherein the first pool comprises a first zone.
  - 34. The method of claim 23, wherein any of a base site and a TETRA site controller takes the place of the base station.
  - 35. The method of claim 23, wherein the method is of a mutual authentication process.

36. A method performed by a base station that is located in a first pool of devices and comprising the steps of:
- receiving a random number from a mobile station;
  
  forwarding the random number to an authentication agent;
  
  receiving a response to the random number and a random seed from the authentication agent;
  
  forwarding the response and the random seed to the mobile station;
  
  when the mobile station authenticates the infrastructure, forwarding an authenticated message to the authentication agent;
  
  receiving from the authentication agent a derived cipher key that is encrypted using an intrakey associated with the first pool, wherein the intrakey is used only by infrastructure system devices other than a mobile station within the first pool for encrypting key material that is distributed within the first pool,encrypting messages to the mobile station and decrypting messages from the mobile station with the derived cipher key.
- View Dependent Claims (37, 38, 39, 40, 41)
- - 37. The method of claim 36, further comprising the step of, when the mobile station sends a negative authentication to the base station, forwarding the negative authentication to the authentication agent, which discards the derived cipher key.
  - 38. The method of claim 36, wherein the authentication agent is a zone controller.
  - 39. The method of claim 36, wherein the authentication agent is a visited location register.
  - 40. The method of claim 36, wherein the first pool comprises a first zone.
  - 41. The method of claim 36, wherein any of a base site and a TETRA site controller takes the place of the base station.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
McDonald, Daniel J., Pappas, Scott J., Anderson, Walter F., Kremske, Randy, Newkirk, Dennis, Johur, Jason, Sowa, Hans Christopher, Chater-Lea, David J
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Chai, Longbit

Application Number

US09/785,722
Publication Number

US 20020154776A1
Time in Patent Office

2,069 Days
Field of Search

380247-249, 380258-273, 380277-286, 713161-171, 4554321-436
US Class Current

380/247
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04L 9/3273   for mutual authentication n...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0433   Key management protocols

H04W 12/069   using certificates or pre-s...

H04W 88/04   adapted for relaying to or ...

Method and apparatus for providing authentication in a communication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing authentication in a communication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links