Authenticating network elements in a communication system

US 8,559,636 B2
Filed: 03/13/2011
Issued: 10/15/2013
Est. Priority Date: 03/13/2011
Status: Active Grant

First Claim

Patent Images

1. A communication device, comprising:

a wireless transceiver;

a memory to store computer instructions; and

a processor coupled to the wireless transceiver and to the memory, wherein the processor, responsive to executing the computer instructions, performs operations comprising;

establishing communications with a wireless base station;

generating an encrypted message request;

transmitting to a server by way of the wireless base station the encrypted message request;

receiving from the server by way of the wireless base station an encrypted message response;

decrypting the encrypted message response, resulting in a decrypted message response;

determining that the wireless base station is an approved network element of a communication system providing communication services to the communication device based on at least two conditions comprising information included in the decrypted message response and an ability of the wireless base station to deliver to the communication device the encrypted message response transmitted by the server;

establishing communications with a second wireless base station;

generating a second encrypted message request;

transmitting the second encrypted message request to the server by way of the second wireless base station;

detecting a communication fault based on a failure to receive from the server by way of the second wireless base station an expected second encrypted message response; and

determining from the communication fault that the second wireless base station is not a approved network element of the communication system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that incorporates teachings of the present disclosure may include, for example, a computer-readable storage medium in a communication device having computer instructions to establish communications with a cellular base station, generate a message request, and transmit to an authentication device by way of the cellular base station the message request. The computer-readable storage medium can also have computer instructions to receive from the authentication device by way of the cellular base station a message response, authenticate the message response, and determine from the authenticated message response whether the cellular base station is an approved network element of a cellular communication system. Other embodiments are disclosed.

16 Citations

View as Search Results

19 Claims

1. A communication device, comprising:
- a wireless transceiver;
  
  a memory to store computer instructions; and
  
  a processor coupled to the wireless transceiver and to the memory, wherein the processor, responsive to executing the computer instructions, performs operations comprising;
  
  establishing communications with a wireless base station;
  
  generating an encrypted message request;
  
  transmitting to a server by way of the wireless base station the encrypted message request;
  
  receiving from the server by way of the wireless base station an encrypted message response;
  
  decrypting the encrypted message response, resulting in a decrypted message response;
  
  determining that the wireless base station is an approved network element of a communication system providing communication services to the communication device based on at least two conditions comprising information included in the decrypted message response and an ability of the wireless base station to deliver to the communication device the encrypted message response transmitted by the server;
  
  establishing communications with a second wireless base station;
  
  generating a second encrypted message request;
  
  transmitting the second encrypted message request to the server by way of the second wireless base station;
  
  detecting a communication fault based on a failure to receive from the server by way of the second wireless base station an expected second encrypted message response; and
  
  determining from the communication fault that the second wireless base station is not a approved network element of the communication system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The communication device of claim 1, wherein the operations further comprise generating the encrypted message request with a first private key stored in the communication device, and wherein the encrypted message request is transmitted to the server to cause the server to generate the encrypted message response with a second private key stored in the server, and causing the server to transmit the encrypted message response to the communication device by way of the wireless base station.
  - 3. The communication device of claim 1, wherein the operations further comprise detecting that the second wireless base station is operated by a law enforcement agency.
  - 4. The communication device of claim 3, wherein the operations further comprise detecting that the second wireless base station is operated by the law enforcement agency responsive to receiving an encrypted law enforcement message from the second wireless base station.
  - 5. The communication device of claim 3, wherein the operations further comprise maintaining communications with the second wireless base station responsive to detecting that the second wireless base station is operated by the law enforcement agency.
  - 6. The communication device of claim 1, wherein the operations further comprise detecting that the second wireless base station is not operated by a legitimate party after an attempt to prompt the server to transmit to the communication device the expected second encrypted message response.
  - 7. The communication device of claim 6, wherein the operations further comprise:
    - establishing communications with a third wireless base station responsive to detecting that the second wireless base station is not operated by a legitimate party;
      
      validating that the third wireless base station is an approved network element of the communication system by receiving by way of the third wireless base station a third encrypted message from the server; and
      
      transmitting a notice to the server that the second wireless base station is not a valid network element of the communication system.
  - 8. The communication device of claim 1, wherein the operations further comprise transmitting to the server by way of the wireless base station a first public key associated with the communication device.
  - 9. The communication device of claim 8, wherein the operations further comprise receiving from the server by way of the wireless base station a second public key associated with the server.
  - 10. The communication device of claim 9, wherein the operations further comprise encrypting the message request with the second public key associated with the server and signing the encrypted message request with a first private key associated with the communication device, and wherein the server is operable to encrypt the message response with the first public key associated with the communication device and sign the encrypted message response with a second private key associated with the server.
  - 11. The communication device of claim 10, wherein the operations further comprise decrypting the encrypted message response with the first private key associated with the communication device and decrypting a signature of the server with the second public key associated with the server, and wherein the server is operable to decrypt the encrypted message request with the second private key associated with the server and decrypt the signature of the communication device with the first public key associated with the communication device.
  - 12. The communication device of claim 1, wherein the communication device is a cellular telephone, wherein the wireless base station is a cellular base station, and wherein the communication system is one of a cellular communication network and an internet protocol multimedia subsystem communication network.

13. A non-transitory computer-readable storage medium, comprising computer instructions that when executed by a processor in a communication device, cause the processor to perform operation comprising:
- establishing communications with a cellular base station;
  
  generating a message request;
  
  transmitting to an authentication device by way of the cellular base station the message request, wherein the authentication device is communicatively coupled to the cellular base station, and wherein the authentication device is remotely located from the cellular base station;
  
  receiving from the authentication device by way of the cellular base station a message response;
  
  authenticating the message response, resulting in an authenticated message response;
  
  determining from the authenticated message response whether the cellular base station is an approved network element of a cellular communication system;
  
  receiving a request to initiate a communication session with a second communication device, andperforating one of;
  
  transmitting a call origination request to the cellular base station to initiate the communication session with the second communication device upon determining from the authenticated message response that the cellular base station is an approved network element of the cellular communication system;
  
  rejecting the request to initiate the communication session with the second communication device upon determining from the authentication message response that the cellular base station is not an approved network element of the cellular communication system;
  
  ortransmitting the call origination request to a second cellular base station authenticated by the communication device, wherein the communication device determining from the authenticated message response that the cellular base station is not an approved network element of the cellular communication system.
- View Dependent Claims (14, 15, 16)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the message request and message response are encrypted messages.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the determining from the authenticated message response whether the cellular base station is an approved network element of a cellular communication system is based on a plurality of conditions comprising information included in the message response and an ability of the cellular base station to deliver to the communication device the message response.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein the computer-readable storage medium comprises one of a subscriber identity module and re-usable identification module.

17. An authentication device, comprising:
- a memory to store computer instructions;
  
  a controller coupled to the memory, wherein the controller, responsive to executing the computer instructions, performs operations comprising;
  
  receiving by way of a cellular base station a message request from a communication device;
  
  generating a message response;
  
  transmitting to the communication device by way of the cellular base station the message response to enable the communication device to determine whether the cellular base station is an approved network element of a cellular communication system; and
  
  receiving a message alert from the communication device identifying the cellular base station as an unapproved network element of the cellular communication system responsive to the communication device failing to receive by way of the cellular base station the message response transmitted by the authentication device.
- View Dependent Claims (18, 19)
- - 18. The authentication device of claim 17, wherein the message request and message response are encrypted messages.
  - 19. The authentication device of claim 17, wherein the operations further comprise receiving the message alert from one of the cellular base station and a second cellular base station communicatively, and wherein the communication device establishes communications with the second cellular base station upon the communication device determining that the cellular base station is an unapproved network element of the cellular communication system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
De Los Reyes, Gustavo
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US13/046,757
Publication Number

US 20120230488A1
Time in Patent Office

947 Days
Field of Search

380/247, 380/270, 380/278, 726/2
US Class Current

380/247
CPC Class Codes

H04L 63/126   the source of the received ...

H04L 63/306   intercepting packet switche...

H04W 12/03   Protecting confidentiality,...

H04W 12/069   using certificates or pre-s...

H04W 12/10   Integrity

H04W 12/122   Counter-measures against at...

H04W 88/08   Access point devices

Authenticating network elements in a communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Authenticating network elements in a communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others