Local authentication of mobile subscribers outside their home systems
IPC classification information

Country / Type: United States (US) Patent, Registered

International Patent Classification (IPC 7th edition): H04L-009/00, H04K-001/00, H04L-009/08, H04L-009/28, H04L-029/06, H04L-009/32, G06F-021/00, G06F-007/04, H04M-011/00, H04M-001/66, H04W-004/00

Application number: UP-0142994 (2005-06-01)

Registration number: US-7751567 (2010-07-26)

Inventors / Address: Quick, Jr., Roy F.; Rose, Gregory G.

Applicant / Address: QUALCOMM Incorporated

Agent / Address: Choi, Jae-Hee

Citation information: Times cited: 32; Cited patents: 28

Abstract
Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
Representative claims
What is claimed is:

1. A subscriber identification token for providing local authentication of a subscriber in a visited communication system, comprising: a memory; and a processor configured to implement a set of instructions stored in the memory, the set of instructions for: generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communication unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communication unit; generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys; and transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.

2. The token of 1, wherein the authentication signal is generated by a hash function.

3. The token of 2, wherein the hash function is the Secure Hash Algorithm (SHA-1).

4. The token of claim 1, the processor the configured to implement additional instructions stored in the memory, the additional instructions for: assigning a weight to a transmission message at the mobile unit in accordance with a relative importance of the transmission message; and wherein the authentication signal is generated and transmitted only if the assigned weight to the transmission message indicates that the transmission message is important, otherwise, if the message is unimportant, the transmission message is transmitted without the authentication signal.

5. A subscriber identification token for use by a subscriber in a mobile unit, the token comprising: a key generation element for generating a plurality of keys, where at least one key from the plurality of keys is an integrity key that is provided to the mobile unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communication unit; and a signature generator configured to receive the authentication key from the key generation element and a first signature from the mobile unit, where the first signature is based on the integrity key, the signature generator further configured to output a second signature to the mobile unit, wherein the second signature is generated based on the authentication key and the first signature and the second signature is for authenticating the identity of the subscriber.

6. The token of claim 5, comprising: a memory; and a processor configured to execute a set of instructions stored in the memory, wherein the set of instructions performs a cryptographic transformation upon an input value to produce a plurality of temporary keys.

7. The token of claim 6, wherein the cryptographic transformation is performed using a permanent key.

8. The token of claim 5, comprising: a memory; and a processor configured to execute a set of instructions stored in the memory, wherein the set of instructions performs a cryptographic transformation upon the information from the mobile unit by using the authentication key, wherein the signature results from the cryptographic transformation.

9. The subscriber identification token of claim 5, wherein a weight is assigned to a transmission message at the mobile unit in accordance with a relative importance of the transmission message, and the second signature is generated and transmitted only if the assigned weight of the transmission message indicates that the transmission message is important, otherwise, if the message is unimportant, the transmission message is transmitted without the second signature.

10. A method for providing authentication of a subscriber using a subscriber identification token within a mobile unit, comprising: generating a plurality of keys at the subscriber identification token, where the plurality of keys includes a first key and a second key; transmitting the first key from the plurality of keys to the mobile unit communicatively coupled to the subscriber identification token and keeping the second key private from the mobile unit; generating a signature at the mobile unit using both the first key transmitted to the mobile unit and a transmission message; transmitting the signature to the subscriber identification token; receiving the signature at the subscriber identification token; generating a primary signature from the received signature and the second key at the subscriber identification token; and conveying the primary signature to a visited communication system, for authenticating the identity of the subscriber within the visited communication system.

11. The method of claim 10, wherein the generating of the signature signal is performed using a nonreversible operation.

12. The method of claim 10, wherein the generating of the signature signal is performed using DES.

13. The method of claim 10, wherein the generating of the signature signal is performed using a hash function.

14. The method of claim 13, wherein the hash function is SHA-1.

15. The method of claim 10, further comprising: assigning a weight to the transmission message at the mobile unit in accordance with a relative importance of the transmission message; and wherein transmitting the signature comprises: transmitting the signature to a communications system if the assigned weight to the transmission message indicates that the transmission message is unimportant; and transmitting the signature to the subscriber identification token if the assigned weight to the transmission message indicates that the transmission message is important.

16. A processor for use in a subscriber identification token for providing local authentication of a subscriber in a visited communication system, the processor configured to control: generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit; generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys, and transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.

17. A subscriber identification token for providing local authentication of a subscriber in a visited communication system, comprising: means for generating a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit; means for generating an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communications unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys; and means for transmitting the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.

18. A storage medium having one or more instructions operational on a subscriber identification token for providing local authentication of a subscriber in a visited communication system, which when executed by a processor causes the processor to: generate a plurality of keys in response to a received challenge, where at least one key from the plurality of keys is an integrity key that is provided to a communications unit communicatively coupled to the subscriber identification token and at least one key from the plurality of keys is an authentication key that is kept private from the communications unit; generate an authentication signal based on a received signal and the authentication key from the plurality of keys, wherein the received signal is transmitted from the communication unit communicatively coupled to the subscriber identification token, and the received signal is generated by the communications unit using the integrity key from the plurality of keys, and transmit the authentication signal to the visited communication system via the communications unit, the authentication signal for authenticating the identity of the subscriber within the visited communication system.
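The key split described in the abstract and in claims 5 and 10, as an added Python sketch that is not part of the patent text: the token releases only the integrity key, so a mobile unit that retains it after the token is removed cannot produce a valid primary signature. The HMAC-SHA-1 construction, the key-derivation labels, the class and function names, and the verifier holding a copy of both derived keys are assumptions of this sketch; all key and message values are constructed.

```python
import hashlib
import hmac

def mac(key: bytes, data: bytes) -> bytes:
    # Keyed SHA-1 hash (HMAC); the construction is an assumption of this sketch.
    return hmac.new(key, data, hashlib.sha1).digest()

def derive_keys(permanent_key: bytes, challenge: bytes):
    # Assumed derivation: one temporary key per label, bound to the challenge.
    return (mac(permanent_key, b"integrity" + challenge),
            mac(permanent_key, b"authentication" + challenge))

class Token:
    def __init__(self, permanent_key: bytes):
        self._permanent_key = permanent_key
        self._auth_key = b""
    def on_challenge(self, challenge: bytes) -> bytes:
        integrity_key, self._auth_key = derive_keys(self._permanent_key, challenge)
        return integrity_key          # the only key that leaves the token
    def sign(self, first_signature: bytes) -> bytes:
        return mac(self._auth_key, first_signature)   # primary signature

class MobileUnit:
    def __init__(self):
        self.token, self.integrity_key = None, b""
    def attach(self, token: Token, challenge: bytes):
        self.token, self.integrity_key = token, token.on_challenge(challenge)
    def detach(self):
        self.token = None             # a rogue unit keeps integrity_key anyway
    def send(self, message: bytes):
        first = mac(self.integrity_key, message)
        # Without the token, the retained integrity key yields only `first`.
        return message, (self.token.sign(first) if self.token else first)

def visited_system_verify(integrity_key, auth_key, message, signature) -> bool:
    expected = mac(auth_key, mac(integrity_key, message))
    return hmac.compare_digest(expected, signature)

def demo():
    permanent_key, challenge = b"constructed-permanent-key", b"constructed-challenge"
    ik, ak = derive_keys(permanent_key, challenge)   # verifier's copy (assumed)
    unit = MobileUnit()
    unit.attach(Token(permanent_key), challenge)
    with_token = visited_system_verify(ik, ak, *unit.send(b"call setup"))
    unit.detach()
    after_removal = visited_system_verify(ik, ak, *unit.send(b"call setup"))
    return with_token, after_removal

if __name__ == "__main__":
    print(demo())
```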