Local authentication of mobile subscribers outside their home systems
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04L-009/00
G06F-007/04
H04M-001/66
출원번호
UP-0863139
(2001-05-22)
등록번호
US-7668315
(2010-04-09)
발명자
/ 주소
Quick, Jr., Roy F.
Rose, Gregory G.
출원인 / 주소
QUALCOMM Incorporated
대리인 / 주소
Macek, Kyong H.
인용정보
피인용 횟수 :
6인용 특허 :
28
초록▼
Methods and apparatus are presented for providing local authentication of subscribers travelling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit
Methods and apparatus are presented for providing local authentication of subscribers travelling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
대표청구항▼
We claim: 1. A subscriber identification module for providing local authentication of a subscriber in a communication system, comprising: a memory; and a processor configured to implement a set of instructions stored in the memory, the set of instructions for: generating a plurality of keys in resp
We claim: 1. A subscriber identification module for providing local authentication of a subscriber in a communication system, comprising: a memory; and a processor configured to implement a set of instructions stored in the memory, the set of instructions for: generating a plurality of keys in response to a received challenge; generating an initial value based upon a first key from the plurality of keys; concatenating the initial value with a received signal to form an input value, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit; hashing the input value to form an authentication signal; and transmitting the authentication signal to the communications system via the communications unit. 2. The subscriber identification module of claim 1, wherein hashing the input value is performed in accordance with the Secure Hashing Algorithm (SHA-1). 3. The subscriber identification module of claim 1, wherein generating the initial value comprises padding the first key. 4. The subscriber identification module of claim 3, wherein generating the initial value further comprises adding the padded first key bit-wise to a constant value. 5. The subscriber identification module of claim 1, wherein the received signal is generated at the communications unit by: receiving the second key from the subscriber identification module; generating a local initial value based upon the second key; concatenating the local initial value and a message to form a local input value; hashing the local input value to form the received signal; and transmitting the received signal to the subscriber identification module. 6. The subscriber identification module of claim 5, wherein generating the local initial value comprises padding the second key. 7. The subscriber identification module of claim 6, wherein generating the local initial value further comprises adding the padded second key bit-wise to a second constant value. 8. A subscriber identification module, comprising: a key generation element; and a signature generator configured to receive a secret key from the key generation element and information from a mobile unit, and further configured to generate a signature that will be sent to the mobile unit, wherein the signature is generated by concatenating the secret key with the information from the mobile unit and hashing the concatenated secret key and information. 9. The subscriber identification module of claim 8, wherein the key generation element comprises: a memory; and a processor configured to execute a set of instructions stored in the memory, wherein the set of instructions performs a cryptographic transformation upon an input value to produce a plurality of temporary keys. 10. The subscriber identification module of claim 9, wherein the cryptographic transformation is performed using a permanent key. 11. An apparatus for providing secure local authentication of a subscriber in a communication system, comprising a subscriber identification module configured to interact with a communications unit, wherein the subscriber identification module comprises: a key generator for generating a plurality of keys from a received value and a secret value, wherein at least one communication key from the plurality of keys is delivered to the communications unit and at least one secret key from the plurality of keys is not delivered to the communications unit; and a signature generator for generating an authorization signal from hashing a version of the at least one secret key together with an authorization message, wherein the authorization message is generated by the communications unit using a version of the at least one communication key. 12. The apparatus of claim 11, wherein the subscriber identification module is configured to be inserted into the communications unit. 13. The apparatus of claim 11, wherein the at least one communication key comprises an integrity key. 14. The apparatus of claim 11, wherein hashing is performed in accordance with SHA-1. 15. A method for providing authentication of a subscriber using a subscriber identification device, comprising: generating a plurality of keys; transmitting at least one key from the plurality of keys to a communications device communicatively coupled to the subscriber identification device and holding private at least one key from the plurality of keys; generating a signature at the communications device using both the at least one key transmitted to the communications device and a transmission message, wherein generating is implemented by hashing a concatenated value formed from the at least one key and the transmission message; transmitting the signature to the subscriber identification device; receiving the signature at the subscriber identification device; generating a primary signature from the received signature, wherein the generating is implemented by hashing a concatenated value formed from the at least one private key and the signature received from the communications device; and conveying the primary signature to a communications system. 16. The method of claim 15, wherein hashing is implemented in accordance with SHA-1. 17. A method operational on a subscriber identification device for providing local authentication of a subscriber, comprising: generating a plurality of keys in response to a received challenge; generating an initial value based on a first key from the plurality of keys; concatenating the initial value with a received signal to form an input value, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit; hashing the input value to form an authentication signal; and transmitting the authentication signal to the communications system via the communications unit. 18. A subscriber identification module for providing local authentication of a subscriber in a communication system, comprising: means for generating a plurality of keys in response to a received challenge; means for generating an initial value based on a first key from the plurality of keys; means for concatenating the initial value with a received signal to form an input value, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit; means for hashing the input value to form an authentication signal; and means for transmitting the authentication signal to the communications system via the communications unit. 19. A machine-readable medium having one or more instructions for authenticating a subscriber using a subscriber identification device, which when executed by a processor causes the processor to: generate a plurality of keys in response to a received challenge; generate an initial value based on a first key from the plurality of keys; concatenate the initial value with a received signal to form an input value, wherein the received signal is transmitted from a communications unit communicatively coupled to the subscriber identification module, and the received signal is generated by the communications unit using a second key from the plurality of keys, the second key having been communicated from the subscriber identification module to the communications unit; hash the input value to form an authentication signal; and transmit the authentication signal to the communications system via the communications unit. 20. A method operational on a subscriber identification device, comprising: receiving a secret key from a key generation element and information from a mobile unit; concatenating the secret key with the information from the mobile unit; hashing the concatenated secret key and information to generate a signature; and sending the signature to the mobile unit. 21. The method of claim 20 further comprising: performing a cryptographic transformation on an input value to produce a plurality of temporary keys. 22. A subscriber identification device, comprising: means for receiving a secret key from a key generation element and information from a mobile unit; means for concatenating the secret key with the information from the mobile unit; means for hashing the concatenated secret key and information to generate a signature; and means for sending the signature to the mobile unit. 23. The subscriber identification module of claim 22 further comprising: means for performing a cryptographic transformation on an input value to produce a plurality of temporary keys. 24. A machine-readable medium having one or more instructions operational on a subscriber identification device for authenticating a subscriber, which when executed by a processor causes the processor to: receive a secret key from a key generation element and information from a mobile unit; concatenate the secret key with the information from the mobile unit; hash the concatenated secret key and information to generate a signature; and send the signature to the mobile unit. 25. The machine-readable medium of claim 24 further having one or more instructions which when executed by a processor causes the processor to: perform a cryptographic transformation on an input value to produce a plurality of temporary keys. 26. A method operational on a subscriber identification module for providing secure local authentication of a subscriber in a communication system, comprising: generating a plurality of keys from a received value and a secret value; delivering at least one communication key from the plurality of keys to a communication unit configured to interact with the subscriber identification module; withholding at least one secret key from the plurality of keys from the communication unit; and hashing a version of the at least one secret key together with an authorization message to generate an authorization signal, wherein the authorization message is generated by the communications unit using a version of the at least one communication key. 27. A subscriber identification module for providing secure local authentication of a subscriber in a communication system, comprising: means for generating a plurality of keys from a received value and a secret value; means for delivering at least one communication key from the plurality of keys to a communication unit configured to interact with the subscriber identification module; means for withholding at least one secret key from the plurality of keys from the communication unit; and means for hashing a version of the at least one secret key together with an authorization message to generate an authorization signal, wherein the authorization message is generated by the communications unit using a version of the at least one communication key. 28. A machine-readable medium having one or more instructions operational on a subscriber identification device for providing secure local authentication of a subscriber in a communication system, which when executed by a processor causes the processor to: generate a plurality of keys from a received value and a secret value; deliver at least one communication key from the plurality of keys to a communication unit configured to interact with the subscriber identification module; withhold at least one secret key from the plurality of keys from the communication unit; and hash a version of the at least one secret key together with an authorization message to generate an authorization signal, wherein the authorization message is generated by the communications unit using a version of the at least one communication key.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (28)
Butler Theodore ; Wong Marcus, Apparatus and method for encryption key generation.
Nessett, Danny M.; Young, Albert; O'Hara, Bob; Tsai, Joe; Chen, Bofu, Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party.
Floden Anders,SEX ; Darroch John,SEX ; Johansson Lena,SEX ; Johannsen Berndt Ove,SEX, Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network.
Gilhousen Klein S. (San Diego CA) Jacobs Irwin M. (La Jolla CA) Weaver ; Jr. Lindsay A. (San Diego CA), Spread spectrum multiple access communication system using satellite or terrestrial repeaters.
Gilhousen Klein S. (San Diego CA) Jacobs Irwin M. (La Jolla CA) Padovani Roberto (San Diego CA) Weaver ; Jr. Lindsay A. (San Diego CA) Wheatley ; III Charles E. (Del Mar CA) Viterbi Andrew J. (La Jol, System and method for generating signal waveforms in a CDMA cellular telephone system.
Volini, Phillip; Werneke, John Raymond; Schumaler, Carl; Smith, Michael; Giannantonio, Frank; Iaia, Vito; Moriarty, Sean, Controlled token distribution to protect against malicious data and resource access.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.