WO1997015161A1 - Subscriber authentication in a mobile communications system - Google Patents

Subscriber authentication in a mobile communications system Download PDF

Info

Publication number
WO1997015161A1
WO1997015161A1 PCT/FI1996/000543 FI9600543W WO9715161A1 WO 1997015161 A1 WO1997015161 A1 WO 1997015161A1 FI 9600543 W FI9600543 W FI 9600543W WO 9715161 A1 WO9715161 A1 WO 9715161A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
bit
parameter
authentication response
rand
Prior art date
Application number
PCT/FI1996/000543
Other languages
French (fr)
Inventor
Juhani Murto
Original Assignee
Nokia Telecommunications Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Telecommunications Oy filed Critical Nokia Telecommunications Oy
Priority to EP96934832A priority Critical patent/EP0856233B1/en
Priority to JP9515546A priority patent/JPH11513853A/en
Priority to AU72991/96A priority patent/AU7299196A/en
Priority to DE69635714T priority patent/DE69635714T2/en
Publication of WO1997015161A1 publication Critical patent/WO1997015161A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/20Manipulating the length of blocks of bits, e.g. padding or block truncation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to security functions in mobile communications networks, and particularly to a subscriber authentication in mobile communications networks.
  • the major aspects of the network security are 1) the protection of the information that the network conveys; and 2) authentication and access control of the users of the network.
  • the major security mechanism for the protection of information is, and is likely to remain, some form of encryption.
  • Authenti ⁇ cation is a means of trying to ensure that information comes from the source it is claimed to come from. It is typically based on passwords and keys. Access rights are assigned in terms of the ability to send and/or receive via the transmission medium. Also access mechanisms typically depend on some form of password or key.
  • radio accessed networks such as Public Land Mobile Networks (PLMN)
  • PLMN Public Land Mobile Networks
  • PLMNs are particularly sensitive to misuse of their resources by unauthorized users and eavesdropping on the information which is exchanged on the radio path. This comes from the possibility to listen to and transmit radio signals from anywhere, without tampering with user's or operator's equipment. It can be seen that PLMNs have a need for a higher level of security than traditional telecommunication networks.
  • the pan-European digital cellular radion which is known as GSM (Global System for Mobile Communications) contains a highly secure authentication system. It is based on socalled challenge and response principle. At subscription time a secret number called a Subscbiber Authentication Key (Ki) is allocated to the subscriber together with an International Mobile Subscriber Identity (IMSI) . K. is stored in a special purpose element of the GSM network, called an Authentication Center (AUC) which is associated with or linked to a Home Location Register (HLR) of the subscriber. AUC contains also a ciphering algorithm, called A8, and an authentication algorithm, called A3, as well as a generation of random numbers RAND.
  • GSM Global System for Mobile Communications
  • AUC Authentication Center
  • AUC contains also a ciphering algorithm, called A8, and an authentication algorithm, called A3, as well as a generation of random numbers RAND.
  • a parameter called a ciphering key K c is generated from K and RAND by the algorithm A8.
  • a parameter called a Signed Response SRES is generated from K. and RAND by the algorithm A3.
  • the three parameters RAND, K c and SRES make up a "triplet" specific of a subsriber to be used for further authentication and ciphering.
  • several triplets are calculated in advance for each subscriber by AUC/HLR and on request delivered to a Visitor Location Register VLR and a Mobile Services Switching Center (MSC) there they are stored.
  • MSC/VLR will always have at least one triplet unused for each of its visitor subscribers . Tight security requires that a triplet is used only once, for one communication, and is then destroyed. When a subscriber has used all it's available triplets, the AUC/HLR is then requested to calculate and send back a new series.
  • a GSM mobile station is split into two parts, one which contains the hardware and software specific to the radio interface, the mobile equipment, and and another which contains the subscriber specific data: the Subscriber Identity Module or SIM.
  • Each subscriber has the SIM, typically in a form of a smart card, which takes responsibility for most of the security functions at the mobile station side. It stores K., the authentication algorithm A3 and the ciphering algorithm A8, as well as the ciphering key K c received from the network side.
  • the VLR/MSC sends the random number RAND (and also K c ) of the triplet to the mobile station.
  • the mobile station more particularly the SIM, processes RAND using the authentication algorithm A3 and the authentication key K. , and returns the resulting Signed Response SRES to the VLR/MSC. This SRES is checked against the SRES of the triplet given by the HLR to. If the two SRESes are equal to each other, the access is allowed, and otherwise denied.
  • K. can be of any format and lenght when stored in Auc/HLR, only if K. would be transported in the network it would be constrained to a maximum lenght of 128 bits.
  • the design choices of GSM both in the mobile station and in the infrastructure, make it possible for the operators to choose the A3 applicable to their own subcsribers independently from other operators.
  • PCS Personal Communications System
  • the CAVE algorithm which might be suitable to be used for authentication in the PCS system would have an 152-bit input parameter consisting of a number of concanated information fields, and a 18-bit output parameter, whereas the A3 algorithm in the GSM has the 128-bit K_ and RAND parameters as input parameters and 32-bit SRES parameter as an output parameter. Therefore, replacement of A3 with the CAVE algorithm in a GSM based mobile communications system is not possible without further modifications. However, modifications may easily affect in various protocols, functions, messages and data structures throughout the system and thereby make the CAVE algorithm technically and economically inattractive. A further disadvantage is that the compability with the GSM system will be lost, and consequently, for example, SIM roaming between the GSM and US PCS systems will not be possible. Summary of the Invention
  • An object of the invention is to enable the use of the CAVE algorithm as the A3 algorithm in the GSM system or in a GSM based mobile communications network without incurring modifications in GSM authentication parameters .
  • a further object of the invention is to enable the use of the CAVE algorithm as the A3 algorithm in the
  • GSM system or in a GSM based mobile communications network without modifications in the GSM triplet data structure .
  • a still further object of the invention is to enable the use of the CAVE algorithm as the A3 algorithm in the GSM system or in a GSM based mobile communications network but otherwise retain the security functions of the standard GSM system.
  • One aspect of the invention is an authentication method for a mobile communications network, comprising steps of utilizing an authentication procedure intended to be used with a first authentication response calculation method, utilizing a second authentication response calculation method instead of said first authentication response calculation method, providing an authentication key compatible with said first authentication response calculation method but incompatible with said second authentication response calculation method, for each subscriber of said mobile communications network, generating a random number compatible with said first authentication response calculation method but incompatible with said second authentication response calculation method, deriving an input parameter compatible with said second authentication response calculation method from said authetication key and said random number, calculating by said secondtation response calculation method an authentication response incompatible with a authentication response format of said authentication prosedure utilized in said mobile communications network, modifying said authentication response into a format compatible with said authentication response format of said authentication procedure, transferring and storing said authentication response in said mobile communications network in said format compatible with said authentication procedure.
  • parameter adaptation functions are provided between the input parameter of the CAVE algorithm and the GSM type input parameters, namely the random number RAND and the authentication key K if as well as between the output parameter of the CAVE algorithm and the GSM output parameter, namely the signed response SRES.
  • FIG. 1 is a block diagram illustrating a GSM based cellular mobile radio system
  • Fig. 2 is a functional block diagram of the prior art authentication and ciphering parameter processing unit in the authentication center AUC
  • Fig. 3 is a functional block diagram of the prior art authentication and ciphering parameter processing unit in the mobile station MS,
  • Fig. 4 is a functional block diagram of the the authentication and ciphering parameter processing unit in the MSC/VLR,
  • Fig. 5 illustrates the signalling related to the generation, transfer and use of the authentication and ciphering parameters
  • Fig. 6 is a functional block diagram of the authentication and ciphering parameter processing unit according to the invention in the authentication center AUC,
  • Fig. 7 is a functional block diagram of the authentication and ciphering parameter processing unit according to the invention in the mobile station MS.
  • the present invention can be applied in the Paneuropean digital mobile radio system GSM or in any
  • GSM based mobile radio system such as DCS1800 digital communication system and the U.S. digital cellular system called Personal Communication System (PCS) .
  • PCS Personal Communication System
  • the preferred embodiment of the invention will be described as an application in a standard GSM system in the following, the primary field of the application will apparently be the PCS system in the U.S.A.
  • the structure and operation of the GSM system are well known to one skilled in the art and defined in the GSM specifications issued the European Telecommunications
  • the basic structure of GSM system is shown in Figure 1.
  • the GSM structure consists of two parts: the base station subsystem (BSS) , and the network subsystem (NSS) .
  • the BSS and the mobile stations MS communicate via radio connections.
  • each cell is served by a base transceiver station (BTS) .
  • BTS base transceiver station
  • a group of BTS is connected to a base station controller (BSC) whose function is to manage the radio frequencies and channels used by the BTS.
  • BSCs are connected to a mobile switching centre (MS) .
  • the MSC is for switching calls involving at least one mobile station MS.
  • Certain MSCs are connected to other telecommunication networks such as the public switched telephone network (PSTN) , and contain gateway functions for handling calls to and from these networks . These MSCs are known as gateway MSCs (GMSCs) .
  • PSTN public switched telephone network
  • GMSCs gateway MSCs
  • VLR visitor location register
  • GSM Global System for Mobile communications
  • the authentication centre AUC comprises a database 20 which stores the authentication key K. for each mobile subscriber in the GSM network. K. of the mobile subscriber can be retrieved from the database 20 using the IMSI of the mobile subscriber as an index.
  • the AUC is further provided with an ciphering algorithm A8, an authentication algorithm A3, and a random number generator 21.
  • the random number generator 21 provides random numbers RAND having length of 128 bits.
  • retrieved from database 20 and the random number RAND from the random number generator 21 are used as input parameters in the authentication algorithm A3 to calculate the signed response SRES, and as input parameters in ciphering algorithm A8 to calculate the ciphering key K c for traffic channel encoding.
  • the three parameters RAND, SRES and K c make up a triplet for a mobile subscriber.
  • the triplets will be transferred further to the visited MSC/VLR to be used for authentication and ciphering as will be explained in more detail below.
  • a triplet is used only once, for one communication, and is then destroyed. In order to avoid calculation and transfer of triplet every time it is needed, several triplets are calculated in advance for each mobile subscriber by AUC/HLR and on request delivered to the visited MSC/VLR where they are stored.
  • the visited MSC/VLR stores a reserve of a few of such triplets per subscriber to be retrieved at need.
  • Fig. 4 there is shown an example of a security parameter file 40 maintained in the visited MSC/VLR.
  • the file 40 contains n triplets l...n for each IMSI (subscriber) .
  • This reserve in the security parameter file 40 is first established when the mobile subscriber first registers in the visited MSC/VLR: it is part of the subscriber data downloaded from the HLR in the INSERT SUBSCRIBER DATA message.
  • the AUC/HLR is then requested to calculate and send back a new series .
  • this triplet replenishing produce consist of two messages: SEND PARAMETERS message and it's answer, SEND PARAMETERS RESULT message.
  • the former message contains the IMSI of the mobile subscriber which is used to retrieve the K. for calculation of the triplets as described above with reference to Fig. 2.
  • the calculated triplets will be delivered to the MSC/VLR in the SEND PARAMETERS RESULT message and stored in the VLR.
  • the mobile station MS sends an access request to the MSC/VLR.
  • the MSC/VLR retrieves one of the triplets reserved for the subscriber of the mobile station MS in the security parameter file using the IMSI as an index.
  • the MSC/VLR conveys on one hand the value of K c to the channel equipment in the BSC to be used in the traffic channel ciphering, and on the other hand the value of RAND to the MS in the AUTHENTICATION REQUEST message, as shown by block 41 in Fig. 4.
  • the mobile station MS calculates the other values of the triplet (SRES and K_) .
  • the MS stores a copy of the ciphering key K.
  • the MS On receiving the AUTHENTICATION REQUEST message for the MSC/VLR, the MS extracts the RAND from the message, and then inputs the RAND and the stored K. to the algorithms A3 and A8. For calculating the signed response SRES and the ciphering key K c , respectively. The calculated SRES will be conveyed to the MSC/VLR in the AUTHENTICATION RESULT message for completing the authentication as shown in Figs. 4 and 5.
  • the MSC/VLR extracts the value of SRES from AUTHENTICATION RESULT message (block 42) and retrieves the stored value of SRES from the file 40 (block 43) . Then, for this communication, prior to any other processing, the MSC/VLR "authenticates" the mobile subscriber by checking that the SRES calculated in the AUC/HLR is identical to the SRES calculated in the MS (block 44) . If the two values are identical, the access is granted (block 45) . If the two values are not identical, the access is denied (block 46) .
  • the ciphering procedure is not relevant to the present invention and will not be described in more detail herein.
  • the CAVE algorithm has been developed in the USA and the availabilily of the CAVE algorithm information is governed under ITAR (U.S. International Traffic and Arms Regulation) .
  • ITAR U.S. International Traffic and Arms Regulation
  • the CAVE is already used in analog AMPS networks (Advanced Mobile Phone Service) and its input/output parameters are specified in EIA/TIA srandard IS-54.
  • the CAVE algorithm has an 152-bit input parameter consisting of a number of concanated information fields, and a 18-bit output parameter. Problems are, however, encountered in the practical implementation due to the fact that the A3 algorithm in the GSM system has the 128-bit K. and RAND as input parameters and 32-bit SRES as an output parameter.
  • the authentication centre AUC comprises a database 60 and a random number generator 61 which are similar to the database 20 and generator 21 shown in Fig. 2.
  • the database 60 stores the 128-bit authentication keys K. according to the GSM specifications for all mobile subscribers of the GSM network, indexed by the IMSIs.
  • the IMSI by which the K. is selected for furher calculation is receide from a signalling interface 67 which receives it from HLR or VLR, eg. in the SEND PARAMETERS message.
  • the random number generator 61 provides the 128-bit random numbers RAND in accordance with the GSM specifications.
  • the K. and RAND are inputs to the ciphering algorithm A8 which calculates the 64-bit ciphering key K c in accordance with the GSM specifications. In other words, the calculation of K c is identical to that described with reference to Fig. 2.
  • the 128-bit RAND is also an input to a truncation unit 62 which truncates the RAND into 24-bit truncated RAND (TRAND) .
  • TRAND may contain, for example, 24 most significant bits of RAND. It is appreciated, however, that the truncation operation as used herein is intended to cover any method to derive 24-bit random number TRAND from the 128-bit random number RAND.
  • the 24-bit TRAND is then inputted to a combining unit 63, the other input of unit 63 being the 128-bit authentication key K..
  • the output of the combining unit 63 is a 152-bit combination COMP of K. and TRAND.
  • the 128 most significant bits of the COMP may contain the K. and the 24 least significant bits may contain the TRAND. It is appreciated, however, that the combination operation as used herein is intended to cover any method, e.g. a logical operation, to derive 152-bit value by combining K. and TRAND.
  • the 152-bit COMP parameter meets the requirements set on the input parameter of the CAVE algorithm in the calculation unit 65.
  • the parameter adaptation according to the invention derives a CAVE compatible input parameter from the GSM compatible input parameters K- and RAND.
  • the CAVE calculation unit 65 outputs a 18-bit output parameter.
  • the 18-bit output parameter from the CAVE is then inputted to the padding unit 64 in which 14 stuff bits will be inserted so as to obtain a 32-bit value.
  • the 14 stuff bits may establish, for example, the 14 least significant bits of the 32-bit parameter, the 18 most significant bits containing the 18-bit output from CAVE 65. It is appreciated, however, that the padding operation as used herein is intended to cover any method, e.g. logical operation, to lengthen the 18-bit CAVE output parameter by 14 bits to obtain 32 bits.
  • the parameter adaptation according to the invention derives a GSM compatible output parameter from a CAVE compatible output parameter.
  • the three GSM compatible security parameters SRES, K c and RAND will be inputted to a triplet building unit 66 in which a standard GSM triplet is built.
  • the triplet will be transferred to HLR or VLR via the signalling interface 67.
  • the SRES will be transferred and processed in the GSM network in a similar manner as the standard SRES.
  • the mobile station MS stores a copy of the- ciphering key Kj, of the mobile subscriber in a memory 75.
  • the MS also comrises a calculation unit 76 carrying out the ciphering algorithm A8, and a calculation unit 77 carrying out the CAVE algorithm for authentication.
  • the mobile equipment 78 On receiving the AUTHENTICATION REQUEST message from the MSC/VLR, the of the MS, which contains the hardware and software specific to the radio interface, the mobile equipment 78, extracts the RAND form the message, and then inputs the RAND and the stored K. to the A8 calculation unit 76 for calculation of the ciphering key K c .
  • the 128-bit RAND is also an input to a truncation unit 72 which truncates the RAND into 24-bit TRAND.
  • the truncation unit 72 is identical to the truncation unit 62 shown in Fig. 6.
  • the 24-bit TRAND is then inputted to a combining unit 73, together with the 128-bit K .
  • the output of the combining unit 73 is a 152-bit COMP.
  • the combining unit 73 is identical to the combining unit 63 shown in Fig. 6.
  • the 152-bit COMP is then inputted to the CAVE calculation unit 77 which outputs a 18-bit output parameter.
  • the 18-bit output parameter from the CAVE 77 is inputted to a padding unit 74 in which 14 stuff bits are attached so as to provide a 32-bit value.
  • the padding unit 74 is identical to the padding unit 64 shown in
  • the resulting 32-bit output parameter will be then used as the SRES parameter according to the GSM specifications.
  • the SRES will returned to the mobile equipment 78 and sent further to the MSC/VLR in the AUTHENTICATION RESULT message and processed in the MSC/VLR as in the standard GSM system.
  • K t and RAND parameters is shown in Fig. 8.
  • N 128 but it may be any positive integer in these embodiments.
  • K_ will be divided into two parts: 104 bits of the K., e.g. 104 LSB bits, are inputted to an input of a logical unit 81. The remaining
  • RAND will be divided into two parts: 104 bits of the
  • RAND e.g. 104 MSB bits
  • RAND e.g. 104 MSB bits
  • the remaining 24 bits of RAND are inputted to another input of the combiner 82.
  • a logical operation such AND, OR or exclusive OR (XOR) , is performed between the two 104-bit inputs, and a single 104-bit output is provided.
  • the 104-bit output from the logical unit 81 is inputted to the combiner 82.
  • the combiner 82 assembles the two 24-bit inputs and the 104-bit input into a 152- bit parameter to be inputted to the CAVE algorithm.
  • the 104 bits of K. and the 104 bits of RAND may be subdivided into equal number of subblocks, and different logical operations are performed between different subblocks. There may be four subsblocks of 26 bits, for example.

Abstract

An authentication in a GSM based mobile comunications system relies on a challenge and response principle. A 32-bit Signed Response (SRES) parameter is calculated by A3 algorithm from a 128-bit Random Number (RAND) and a 128-bit Authentication Key Ki in a mobile station and in an authentication center, and the SRES values are compared. A CAVE algorithm having a 152-bit input parameter and an 18-bit output parameter is employed as the A3 algorithm. Paramater adaptation functions are provided between the input parameter of the CAVE algorithm and the GSM type input parameters, namely the random number RAND and the authentication key Ki, as well as between the output parameter of the CAVE algorithm and the GSM output parameter, namely the signed response SRES.

Description

Subscriber authentication in a mobile communications system
Field of the invention
The present invention relates to security functions in mobile communications networks, and particularly to a subscriber authentication in mobile communications networks.
Background of the invention
In all telecommunication networks both the users and the network operator have to be protected against undesirable intrusion of third parties as far as possible. Thus several kinds of security functions are needed in the networks. The major aspects of the network security are 1) the protection of the information that the network conveys; and 2) authentication and access control of the users of the network. The major security mechanism for the protection of information is, and is likely to remain, some form of encryption. Authenti¬ cation is a means of trying to ensure that information comes from the source it is claimed to come from. It is typically based on passwords and keys. Access rights are assigned in terms of the ability to send and/or receive via the transmission medium. Also access mechanisms typically depend on some form of password or key.
Due to the use of radio communications for transmissions to the mobile subscribers, radio accessed networks, such as Public Land Mobile Networks (PLMN) , are particularly sensitive to misuse of their resources by unauthorized users and eavesdropping on the information which is exchanged on the radio path. This comes from the possibility to listen to and transmit radio signals from anywhere, without tampering with user's or operator's equipment. It can be seen that PLMNs have a need for a higher level of security than traditional telecommunication networks.
The pan-European digital cellular radion which is known as GSM (Global System for Mobile Communications) contains a highly secure authentication system. It is based on socalled challenge and response principle. At subscription time a secret number called a Subscbiber Authentication Key (Ki) is allocated to the subscriber together with an International Mobile Subscriber Identity (IMSI) . K. is stored in a special purpose element of the GSM network, called an Authentication Center (AUC) which is associated with or linked to a Home Location Register (HLR) of the subscriber. AUC contains also a ciphering algorithm, called A8, and an authentication algorithm, called A3, as well as a generation of random numbers RAND. A parameter called a ciphering key Kc is generated from K and RAND by the algorithm A8. Similarly, a parameter called a Signed Response SRES is generated from K. and RAND by the algorithm A3. The three parameters RAND, Kc and SRES make up a "triplet" specific of a subsriber to be used for further authentication and ciphering. In order to avoid calculation and transfer of triplet every time it is needed, several triplets are calculated in advance for each subscriber by AUC/HLR and on request delivered to a Visitor Location Register VLR and a Mobile Services Switching Center (MSC) there they are stored. MSC/VLR will always have at least one triplet unused for each of its visitor subscribers . Tight security requires that a triplet is used only once, for one communication, and is then destroyed. When a subscriber has used all it's available triplets, the AUC/HLR is then requested to calculate and send back a new series.
A GSM mobile station is split into two parts, one which contains the hardware and software specific to the radio interface, the mobile equipment, and and another which contains the subscriber specific data: the Subscriber Identity Module or SIM. Each subscriber has the SIM, typically in a form of a smart card, which takes responsibility for most of the security functions at the mobile station side. It stores K., the authentication algorithm A3 and the ciphering algorithm A8, as well as the ciphering key Kc received from the network side. During authentication, the VLR/MSC sends the random number RAND (and also Kc) of the triplet to the mobile station. The mobile station, more particularly the SIM, processes RAND using the authentication algorithm A3 and the authentication key K. , and returns the resulting Signed Response SRES to the VLR/MSC. This SRES is checked against the SRES of the triplet given by the HLR to. If the two SRESes are equal to each other, the access is allowed, and otherwise denied.
All the security mechanism in the GSM rely on secrecy of authentication key K. K. is never transmitted and never leaves the AUC/HLR. Also the SIM protects completely K. against reading. Because the mathematical algorithm A3 works only one way (one-way trap door function) it is impossible to derive the key K. from the RAND-SRES pairs transmitted. Further the authentication algorithm A3 itself is a secret algorithm, it can not be found even in the GSM specifications. The specifications only require that computation of K. knowing RAND and SRES should be as complex as possible. This level of complexity determines which security level has been achieved. Beyond this requirement, the only constraint imposed on A3 is the size of the input parameter (RAND is 128 bits long) and the size of the output parameter (SRES must be 32 bits long) . K. can be of any format and lenght when stored in Auc/HLR, only if K. would be transported in the network it would be constrained to a maximum lenght of 128 bits. In fact, the design choices of GSM, both in the mobile station and in the infrastructure, make it possible for the operators to choose the A3 applicable to their own subcsribers independently from other operators.
In the U.S.A a digital cellular system called Personal Communications System (PCS) is under development. The US PCS is based on the GSM system in a great extent, especially as regards network architecture and protocols, including the security functions. However, some minor modifications are being made in various parts of the system. One potential modification might be that authentication algorithm A3 used in the GSM system would be replaced by CAVE algorithm in the US
PCS since the CAVE algorithm has been developed in the
USA and is already used in analog AMPS networks
(Advanced Mobile Phone Service) . The CAVE algorithm which might be suitable to be used for authentication in the PCS system would have an 152-bit input parameter consisting of a number of concanated information fields, and a 18-bit output parameter, whereas the A3 algorithm in the GSM has the 128-bit K_ and RAND parameters as input parameters and 32-bit SRES parameter as an output parameter. Therefore, replacement of A3 with the CAVE algorithm in a GSM based mobile communications system is not possible without further modifications. However, modifications may easily affect in various protocols, functions, messages and data structures throughout the system and thereby make the CAVE algorithm technically and economically inattractive. A further disadvantage is that the compability with the GSM system will be lost, and consequently, for example, SIM roaming between the GSM and US PCS systems will not be possible. Summary of the Invention
An object of the invention is to enable the use of the CAVE algorithm as the A3 algorithm in the GSM system or in a GSM based mobile communications network without incurring modifications in GSM authentication parameters .
A further object of the invention is to enable the use of the CAVE algorithm as the A3 algorithm in the
GSM system or in a GSM based mobile communications network without modifications in the GSM triplet data structure .
A still further object of the invention is to enable the use of the CAVE algorithm as the A3 algorithm in the GSM system or in a GSM based mobile communications network but otherwise retain the security functions of the standard GSM system.
One aspect of the invention is an authentication method for a mobile communications network, comprising steps of utilizing an authentication procedure intended to be used with a first authentication response calculation method, utilizing a second authentication response calculation method instead of said first authentication response calculation method, providing an authentication key compatible with said first authentication response calculation method but incompatible with said second authentication response calculation method, for each subscriber of said mobile communications network, generating a random number compatible with said first authentication response calculation method but incompatible with said second authentication response calculation method, deriving an input parameter compatible with said second authentication response calculation method from said authetication key and said random number, calculating by said second autentication response calculation method an authentication response incompatible with a authentication response format of said authentication prosedure utilized in said mobile communications network, modifying said authentication response into a format compatible with said authentication response format of said authentication procedure, transferring and storing said authentication response in said mobile communications network in said format compatible with said authentication procedure. According to the invention parameter adaptation functions are provided between the input parameter of the CAVE algorithm and the GSM type input parameters, namely the random number RAND and the authentication key Kif as well as between the output parameter of the CAVE algorithm and the GSM output parameter, namely the signed response SRES. As a result no modifications are needed in the CAVE algorithm itself, nor it is necessary to depart from the GSM type security functions elsewhere than in the calculation of SRES in the authentication center AUC/HLR and in the mobile station MS.
Brief Description of the Drawings
The preferred embodiments of the invention will be described with reference to attached drawing, wherein Fig. 1 is a block diagram illustrating a GSM based cellular mobile radio system,
Fig. 2 is a functional block diagram of the prior art authentication and ciphering parameter processing unit in the authentication center AUC, Fig. 3 is a functional block diagram of the prior art authentication and ciphering parameter processing unit in the mobile station MS,
Fig. 4 is a functional block diagram of the the authentication and ciphering parameter processing unit in the MSC/VLR,
Fig. 5 illustrates the signalling related to the generation, transfer and use of the authentication and ciphering parameters, Fig. 6 is a functional block diagram of the authentication and ciphering parameter processing unit according to the invention in the authentication center AUC,
Fig. 7 is a functional block diagram of the authentication and ciphering parameter processing unit according to the invention in the mobile station MS.
Preferred Embodiments of the Invention
The present invention can be applied in the Paneuropean digital mobile radio system GSM or in any
GSM based mobile radio system, such as DCS1800 digital communication system and the U.S. digital cellular system called Personal Communication System (PCS) . Although the preferred embodiment of the invention will be described as an application in a standard GSM system in the following, the primary field of the application will apparently be the PCS system in the U.S.A. The structure and operation of the GSM system are well known to one skilled in the art and defined in the GSM specifications issued the European Telecommunications
Standards Institute ETSI . A reference is also made to the GSM system for a mobile communications, M.Mouly & M.Pautet, Palaiseau, France, 1992; ISBN2-9507190-0-7.
The basic structure of GSM system is shown in Figure 1. The GSM structure consists of two parts: the base station subsystem (BSS) , and the network subsystem (NSS) . The BSS and the mobile stations MS communicate via radio connections. In the BSS, each cell is served by a base transceiver station (BTS) . A group of BTS is connected to a base station controller (BSC) whose function is to manage the radio frequencies and channels used by the BTS. The BSCs are connected to a mobile switching centre (MS) . The MSC is for switching calls involving at least one mobile station MS. Certain MSCs are connected to other telecommunication networks such as the public switched telephone network (PSTN) , and contain gateway functions for handling calls to and from these networks . These MSCs are known as gateway MSCs (GMSCs) .
There are two main types of database concerned with the routing of calls. There is a home location register (HLR) that stores subscriber data on all the subscribers of the network on a permanent or semipermanent basis, including information on the services to which the subscriber may have access, and the current location of the subscriber. The second type of register is the visitor location register (VLR) . The VLR is attached generally to one MSC, but it may, however, serve several MSCs. It is common practice that VLR is integrated into the MSC. This integrated network element is known as visitor MSC (VMSC) . Whenever a mobile station MS is active (logged on and able to make or receive a call) most of the mobile subscriber data about a mobile station MS that is held in the HLR is downloaded (copied) into the VLR of the MSC in whose area the mobile MS is .
As noted above, in the mobile radio service, great care must by taken to prevent unauthorized call attempts and intrusion or listening-in by third parties. Protection mechanisms in GSM system authenticate the calling or called mobile station, and use ciphering key to encode speech and data on the traffic channel .
The prior art mechanism according to the GSM specifications for providing authentication and ciphering keys will now be described with reference to Figures 2, 3, 4 and 5.
At subscription time a secret number called a subscriber authentication key (K. ) is allocated to the mobile subscriber together with an international mobile subscriber identity (IMSI) . As shown in Figure 2, the authentication centre AUC comprises a database 20 which stores the authentication key K. for each mobile subscriber in the GSM network. K. of the mobile subscriber can be retrieved from the database 20 using the IMSI of the mobile subscriber as an index. The AUC is further provided with an ciphering algorithm A8, an authentication algorithm A3, and a random number generator 21. The random number generator 21 provides random numbers RAND having length of 128 bits. The key K. retrieved from database 20 and the random number RAND from the random number generator 21 are used as input parameters in the authentication algorithm A3 to calculate the signed response SRES, and as input parameters in ciphering algorithm A8 to calculate the ciphering key Kc for traffic channel encoding. The three parameters RAND, SRES and Kc make up a triplet for a mobile subscriber.
The triplets will be transferred further to the visited MSC/VLR to be used for authentication and ciphering as will be explained in more detail below.
A triplet is used only once, for one communication, and is then destroyed. In order to avoid calculation and transfer of triplet every time it is needed, several triplets are calculated in advance for each mobile subscriber by AUC/HLR and on request delivered to the visited MSC/VLR where they are stored.
The visited MSC/VLR stores a reserve of a few of such triplets per subscriber to be retrieved at need. Referring to Fig. 4, there is shown an example of a security parameter file 40 maintained in the visited MSC/VLR. The file 40 contains n triplets l...n for each IMSI (subscriber) .
This reserve in the security parameter file 40 is first established when the mobile subscriber first registers in the visited MSC/VLR: it is part of the subscriber data downloaded from the HLR in the INSERT SUBSCRIBER DATA message. When a subscriber has used all it's available triplets, the AUC/HLR is then requested to calculate and send back a new series . Referring to Fig. 5, this triplet replenishing produce consist of two messages: SEND PARAMETERS message and it's answer, SEND PARAMETERS RESULT message. The former message contains the IMSI of the mobile subscriber which is used to retrieve the K. for calculation of the triplets as described above with reference to Fig. 2. The calculated triplets will be delivered to the MSC/VLR in the SEND PARAMETERS RESULT message and stored in the VLR.
Referring further to Fig. 4, the mobile station MS sends an access request to the MSC/VLR. The MSC/VLR retrieves one of the triplets reserved for the subscriber of the mobile station MS in the security parameter file using the IMSI as an index. The MSC/VLR conveys on one hand the value of Kc to the channel equipment in the BSC to be used in the traffic channel ciphering, and on the other hand the value of RAND to the MS in the AUTHENTICATION REQUEST message, as shown by block 41 in Fig. 4. On basis of the RAND the mobile station MS calculates the other values of the triplet (SRES and K_) . Referring to Fig. 3, the MS stores a copy of the ciphering key K. of the mobile subscriber, as well as the ciphering algorithm A8 and the authentication algorithm A3. On receiving the AUTHENTICATION REQUEST message for the MSC/VLR, the MS extracts the RAND from the message, and then inputs the RAND and the stored K. to the algorithms A3 and A8. For calculating the signed response SRES and the ciphering key Kc, respectively. The calculated SRES will be conveyed to the MSC/VLR in the AUTHENTICATION RESULT message for completing the authentication as shown in Figs. 4 and 5.
Referring to Fig. 4, the MSC/VLR extracts the value of SRES from AUTHENTICATION RESULT message (block 42) and retrieves the stored value of SRES from the file 40 (block 43) . Then, for this communication, prior to any other processing, the MSC/VLR "authenticates" the mobile subscriber by checking that the SRES calculated in the AUC/HLR is identical to the SRES calculated in the MS (block 44) . If the two values are identical, the access is granted (block 45) . If the two values are not identical, the access is denied (block 46) .
The ciphering procedure is not relevant to the present invention and will not be described in more detail herein. As noted in the background art of the invention, it might be a need to use the CAVE algorithm as the authentication algorithm A3 in the USA a digital cellular system called Personal Communications System (PCS) , or other cellular systems based on the GSM system in a great extent, especially as regards network architecture and protocols, including the security functions. The CAVE algorithm has been developed in the USA and the availabilily of the CAVE algorithm information is governed under ITAR (U.S. International Traffic and Arms Regulation) . However, the CAVE is already used in analog AMPS networks (Advanced Mobile Phone Service) and its input/output parameters are specified in EIA/TIA srandard IS-54. The CAVE algorithm has an 152-bit input parameter consisting of a number of concanated information fields, and a 18-bit output parameter. Problems are, however, encountered in the practical implementation due to the fact that the A3 algorithm in the GSM system has the 128-bit K. and RAND as input parameters and 32-bit SRES as an output parameter.
These problems will be overcome when, according to the present invention, an adaptation of the parameters is made at the input and output of the CAVE algorithm. As a result, no modifications are needed in the CAVE algorithm itself, nor it is necessary to depart from the GSM specifications elsewhere than in the calculation of SRES in the AUC/HLR and the MS.
The preferred embodiments of the parameter adaptation according to the invention will now be described with reference to Figs. 6 and 7.
Referring now to Fig. 6, the authentication centre AUC according to the invention comprises a database 60 and a random number generator 61 which are similar to the database 20 and generator 21 shown in Fig. 2. The database 60 stores the 128-bit authentication keys K. according to the GSM specifications for all mobile subscribers of the GSM network, indexed by the IMSIs. The IMSI by which the K. is selected for furher calculation is receide from a signalling interface 67 which receives it from HLR or VLR, eg. in the SEND PARAMETERS message. The random number generator 61 provides the 128-bit random numbers RAND in accordance with the GSM specifications.
The K. and RAND are inputs to the ciphering algorithm A8 which calculates the 64-bit ciphering key Kc in accordance with the GSM specifications. In other words, the calculation of Kc is identical to that described with reference to Fig. 2.
The 128-bit RAND is also an input to a truncation unit 62 which truncates the RAND into 24-bit truncated RAND (TRAND) . The TRAND may contain, for example, 24 most significant bits of RAND. It is appreciated, however, that the truncation operation as used herein is intended to cover any method to derive 24-bit random number TRAND from the 128-bit random number RAND. It should be noted that although the lenght of K. is 128 bits in the preferred embodiment, it may have any length of N bits, where N is integer less than or equal to 128. Consequently, lenght M of TRAND depends on N, being M=152-N bits.
The 24-bit TRAND is then inputted to a combining unit 63, the other input of unit 63 being the 128-bit authentication key K.. The output of the combining unit 63 is a 152-bit combination COMP of K. and TRAND. The 128 most significant bits of the COMP may contain the K. and the 24 least significant bits may contain the TRAND. It is appreciated, however, that the combination operation as used herein is intended to cover any method, e.g. a logical operation, to derive 152-bit value by combining K. and TRAND.
The 152-bit COMP parameter meets the requirements set on the input parameter of the CAVE algorithm in the calculation unit 65. Thus, the parameter adaptation according to the invention derives a CAVE compatible input parameter from the GSM compatible input parameters K- and RAND. As a result of the calculation, the CAVE calculation unit 65 outputs a 18-bit output parameter.
The 18-bit output parameter from the CAVE is then inputted to the padding unit 64 in which 14 stuff bits will be inserted so as to obtain a 32-bit value. The 14 stuff bits may establish, for example, the 14 least significant bits of the 32-bit parameter, the 18 most significant bits containing the 18-bit output from CAVE 65. It is appreciated, however, that the padding operation as used herein is intended to cover any method, e.g. logical operation, to lengthen the 18-bit CAVE output parameter by 14 bits to obtain 32 bits.
The resulting 32-bit output parameter will be then used as the signed response SRES according to the GSM specifications. Thus, the parameter adaptation according to the invention derives a GSM compatible output parameter from a CAVE compatible output parameter.
The three GSM compatible security parameters SRES, Kc and RAND will be inputted to a triplet building unit 66 in which a standard GSM triplet is built. The triplet will be transferred to HLR or VLR via the signalling interface 67. Thus, the SRES will be transferred and processed in the GSM network in a similar manner as the standard SRES.
Referring now to Fig. 7, the mobile station MS according to the invention stores a copy of the- ciphering key Kj, of the mobile subscriber in a memory 75. The MS also comrises a calculation unit 76 carrying out the ciphering algorithm A8, and a calculation unit 77 carrying out the CAVE algorithm for authentication. On receiving the AUTHENTICATION REQUEST message from the MSC/VLR, the of the MS, which contains the hardware and software specific to the radio interface, the mobile equipment 78, extracts the RAND form the message, and then inputs the RAND and the stored K. to the A8 calculation unit 76 for calculation of the ciphering key Kc. In the preferred embodiment of the invention all the functional blocks except 78 are located in the Subscriber Identity Module or SIM of the MS. The 128-bit RAND is also an input to a truncation unit 72 which truncates the RAND into 24-bit TRAND. The truncation unit 72 is identical to the truncation unit 62 shown in Fig. 6. The 24-bit TRAND is then inputted to a combining unit 73, together with the 128-bit K . The output of the combining unit 73 is a 152-bit COMP. The combining unit 73 is identical to the combining unit 63 shown in Fig. 6. The 152-bit COMP is then inputted to the CAVE calculation unit 77 which outputs a 18-bit output parameter.
The 18-bit output parameter from the CAVE 77 is inputted to a padding unit 74 in which 14 stuff bits are attached so as to provide a 32-bit value. The padding unit 74 is identical to the padding unit 64 shown in
Fig. 6.
The resulting 32-bit output parameter will be then used as the SRES parameter according to the GSM specifications. The SRES will returned to the mobile equipment 78 and sent further to the MSC/VLR in the AUTHENTICATION RESULT message and processed in the MSC/VLR as in the standard GSM system.
An example of alternative embodiments for deriving the 152-bit CAVE input parameter from the N-bit
Kt and RAND parameters is shown in Fig. 8. In the following examples N=128 but it may be any positive integer in these embodiments. K_ will be divided into two parts: 104 bits of the K., e.g. 104 LSB bits, are inputted to an input of a logical unit 81. The remaining
24 bits of Ki are inputted to a combiner 82. Similarly,
RAND will be divided into two parts: 104 bits of the
RAND, e.g. 104 MSB bits, are inputted to the logical unit 81. The remaining 24 bits of RAND are inputted to another input of the combiner 82. A logical operation, such AND, OR or exclusive OR (XOR) , is performed between the two 104-bit inputs, and a single 104-bit output is provided. The 104-bit output from the logical unit 81 is inputted to the combiner 82. The combiner 82 assembles the two 24-bit inputs and the 104-bit input into a 152- bit parameter to be inputted to the CAVE algorithm. When applied in the authenticatication center of Fig. 6 and in the mobile station of Fig. 7, the logical unit 81 and the combiner 82 will substitute for the truncation unit 62,72 and the combiner 63,73, respectively.
As a further modification to the embodiment of the Fig. 8, the 104 bits of K. and the 104 bits of RAND may be subdivided into equal number of subblocks, and different logical operations are performed between different subblocks. There may be four subsblocks of 26 bits, for example.
The drawing and the associated description is solely intended to ilustrate the present invention. Changes and modifications will apparent to a skilled person in the art without departing from the scope and spirit of the attached claims.

Claims

Claims
1. An authentication center for a mobile communications network, comprising a database storing an authentication key for each subscriber of said mobile communications network, said authentication key being an input parameter for calculation of a ciphering key and an authentication response parameter and in a format required by a first authentication procedure, a source of a random number, said random number being another input parameter for calculation of a ciphering key and an authentication response parameter and in a format required by said first authentication procedure, an encryption key calculation unit having said authentication key from the database and a random number from said source of random numbers as input parameters and outputting a ciphering key in a format according to said first authentication procedure, an authentication response parameter calculation unit requiring a single input parameter and outputting an authetication response parameter in a format other than the format of the authentication response parameter according to said first authentication procedure, a first adaptation unit responsive to said authentication key and said random number as input parameters for providing said single input parameter to said authentication response calculation unit, a second adaptation unit responsive to said authentication response parameter outputted by said authentication response parameter calculation unit for providing said authentication response parameter according to the first authentication procedure.
2. An authentication parameter processing unit in a mobile station, comprising a memory storing an authentication key for a mobile subscriber using said mobile station, said authentication key being an input parameter for calculation of a ciphering key and an authentication response parameter and in a format required by a first authentication procedure, a source of a random number, said random number being another input parameter for calculation of a ciphering key and an authentication response parameter and in a format required by said first authentication procedure, an encryption key calculation unit having said authentication key from the database and a random number from said source of random numbers as input parameters and outputting a ciphering key in a format according to said first authentication procedure, an authentication response parameter calculation unit requiring a single input parameter and outputting an authetication response parameter in a format other than the format of the authentication response parameter according to said first authentication procedure, a first adaptation unit responsive to said authentication key and said random number as input parameters for providing said single input parameter to said authentication response calculation unit, a second adaptation unit responsive to said authentication response parameter outputted by said authentication response parameter calculation unit for providing said authentication response parameter according to the first authentication procedure.
3. An authentication method for a mobile communications network, comprising steps of utilizing an authentication procedure intended to be used with a first authentication response calculation method, utilizing a second authentication response calculation method instead of said first authentication response calculation method, providing an authentication key compatible with said first authentication response calculation method but incompatible with said second authentication response calculation method, for each subscriber of said mobile communications network, generating a random number compatible with said first authentication response calculation method but incompatible with said second authentication response calculation method, deriving an input parameter compatible with said second authentication response calculation method from said authetication key and said random number, calculating by said second autentication response calculation method an authentication response incompatible with a authentication response format of said authentication prosedure utilized in said mobile communications network, modifying said authentication response into a format compatible with said authentication response format of said authentication procedure, transferring and storing said authentication response in said mobile communications network in said format compatible with said authentication procedure.
4. An authentication method for a GSM based mobile communications network, comprising steps of utilizing a GSM based authentication procedure intended to be used with a GSM based authentication response calculation method, said GSM based authentication response calculation method comprising 128-bit random number RAND and N-bit authentication key K- as input parameters and a 32-bit signed response SRES as an output parameter, N being a positive integer, utilizing a CAVE calculation method as an authentication response calculation method instead of said GSM based authentication response calculation method, said CAVE method comprising a 152-bit input parameter and a 18-bit output parameter, providing unique value of said N-bit K. for each subscriber of said mobile communications network, storing said values of K. in a database in an authentication center, receiving a request to provide said SRES for one of said mobile subscribers, retrieving said N-bit K. of said one of said mobile subscribers from said database, generating said 128-bit RAND, deriving said 152-bit input parameter from said N-bit K. and 128-bit RAND, calculating by said CAVE calculation method said 18-bit output parameter, padding 14 additional bits into said 18-bit output parameter to obtain said 32-bit SRES, transferring and storing said 32-bit SRES in said GSM based mobile communications network according to said GSM based authentication procedure.
5. A method according as claimed in claim 4, wherein said step of deriving comprises steps of truncating said 128-bit RAND into (152-N)-bit truncated RAND, N being an integer less than or equal to 128, combining said (152-N) -bit truncated RAND with said N-bit K. to obtain said 152-bit input parameter.
6. An authentication method for a GSM based mobile communications network, comprising steps of utilizing a GSM based authentication procedure intended to be used with a GSM based authentication response calculation method, said GSM based authentication response calculation method comprising 128-bit random number RAND and N-bit authentication key ^ as input parameters and a 32-bit signed response SRES as an output parameter, N being a positive integer, utilizing a CAVE calculation method as an authentication response calculation method instead of said GSM based authentication response calculation method, said CAVE method comprising a 152-bit input parameter and a 18-bit output parameter, storing an unique value of said N-bit Ki provided for a mobile subscriber in a memory of a mobile station, receiving from a base station by said mobile station an authentication request including said 128-bit RAND, retrieving said N-bit Ki from said memory, deriving said 152-bit input parameter from said N-bit ^ and 128-bit" RAND, calculating by said CAVE calculation method said
18-bit output parameter, padding 14 additional bits into said 18-bit output parameter to obtain said 32-bit SRES, transmitting said 32-bit SRES to said base station.
7. A method according as claimed in claim 6, wherein said step of deriving comprises steps of truncating said 128-bit RAND into (152-N)-bit truncated RAND, N being an integer less than or equal to 128, combining said (152-N) -bit truncated RAND with said N-bit K± to obtain said 152-bit input parameter.
8. An authentication parameter calculation unit for a mobile communication system, comprising a CAVE algorithm calculator having a first input for receiving a 152-bit input parameter, and an output for outputting a 18-bit output parameter, a first adaptor having a first input for receiving 128-bit random number RAND, a second input fo receiving a N-bit authentication key Ki, and an output for outputting said 152-bit input parameter derived from said N-bit K_ and 128-bit RAND to said input of said CAVE algorithm calculator, N being a positive integer, a second adaptor having an input for receiving said 18-bit output parameter CAVE algorithm calculator, and an output for outputting a 32-bit signed response
SRES, wherein KL l RAND and SRES are GSM-based authentication parameters.
PCT/FI1996/000543 1995-10-17 1996-10-16 Subscriber authentication in a mobile communications system WO1997015161A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP96934832A EP0856233B1 (en) 1995-10-17 1996-10-16 Subscriber authentication in a mobile communications system
JP9515546A JPH11513853A (en) 1995-10-17 1996-10-16 Subscriber authentication in mobile communication systems
AU72991/96A AU7299196A (en) 1995-10-17 1996-10-16 Subscriber authentication in a mobile communications system
DE69635714T DE69635714T2 (en) 1995-10-17 1996-10-16 PARTICIPANTS AUTHENTICATION IN A MOBILE COMMUNICATION SYSTEM

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/544,199 1995-10-17
US08/544,199 US5991407A (en) 1995-10-17 1995-10-17 Subscriber authentication in a mobile communications system

Publications (1)

Publication Number Publication Date
WO1997015161A1 true WO1997015161A1 (en) 1997-04-24

Family

ID=24171172

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI1996/000543 WO1997015161A1 (en) 1995-10-17 1996-10-16 Subscriber authentication in a mobile communications system

Country Status (8)

Country Link
US (1) US5991407A (en)
EP (1) EP0856233B1 (en)
JP (1) JPH11513853A (en)
AT (1) ATE315315T1 (en)
AU (1) AU7299196A (en)
CA (1) CA2234655A1 (en)
DE (1) DE69635714T2 (en)
WO (1) WO1997015161A1 (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19730301C1 (en) * 1997-07-10 1998-09-03 Deutsche Telekom Mobil Mutual authentication method for network components
EP0902598A1 (en) * 1997-09-10 1999-03-17 Koninklijke Philips Electronics N.V. Telephonic device including a base station and at least a single handset, subscription process for the handset, the handset itself and its corresponding base station
EP0933957A1 (en) * 1998-01-05 1999-08-04 Lucent Technologies Inc. Effective use of dialed digits in call origination
EP0955783A2 (en) * 1998-05-07 1999-11-10 Lucent Technologies Inc. Method and apparatus for performing authentication for roaming between different mobile communication systems
DE19820422A1 (en) * 1998-05-07 1999-11-11 Giesecke & Devrient Gmbh Method for authenticating a chip card within a message transmission network
WO2000018061A1 (en) * 1998-09-22 2000-03-30 Infineon Technologies Ag Method for authenticating at least one subscriber during a data exchange
WO2000024218A1 (en) * 1998-10-19 2000-04-27 Telefonaktiebolaget Lm Ericsson (Publ) A method and a system for authentication
WO2000036860A1 (en) * 1998-12-16 2000-06-22 Nokia Networks Oy A method for controlling connections to a mobile station
EP1052862A2 (en) * 1999-05-11 2000-11-15 Robert Bosch Gmbh Method and electronic device for encrypting an identification number
WO2001013666A1 (en) * 1999-08-16 2001-02-22 Nokia Networks Oy Authentication in a mobile communications system
WO2001076298A1 (en) * 2000-03-30 2001-10-11 Nokia Corporation Subscriber authentication
WO2003050774A1 (en) * 2001-12-10 2003-06-19 Beamtrust A/S A method of distributing a public key
WO2007090129A2 (en) * 2006-01-30 2007-08-09 Qualcomm Incorporated Gsm authentication in a cdma network
US8064904B2 (en) 2003-03-18 2011-11-22 Qualcomm Incorporated Internetworking between a first network and a second network
US8098818B2 (en) 2003-07-07 2012-01-17 Qualcomm Incorporated Secure registration for a multicast-broadcast-multimedia system (MBMS)
US8121296B2 (en) 2001-03-28 2012-02-21 Qualcomm Incorporated Method and apparatus for security in a data processing system
US8713400B2 (en) 2001-10-12 2014-04-29 Qualcomm Incorporated Method and system for reduction of decoding complexity in a communication system
US8718279B2 (en) 2003-07-08 2014-05-06 Qualcomm Incorporated Apparatus and method for a secure broadcast system
US8724803B2 (en) 2003-09-02 2014-05-13 Qualcomm Incorporated Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system
US8971790B2 (en) 2003-01-02 2015-03-03 Qualcomm Incorporated Method and apparatus for broadcast services in a communication system
US8983065B2 (en) 2001-10-09 2015-03-17 Qualcomm Incorporated Method and apparatus for security in a data processing system
US9100457B2 (en) 2001-03-28 2015-08-04 Qualcomm Incorporated Method and apparatus for transmission framing in a wireless communication system
EP3611950A1 (en) * 2018-08-13 2020-02-19 Thales Dis France SA Method for transferring from a first device a key to a second device in a telecommunication network

Families Citing this family (91)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6311587B1 (en) 1994-07-29 2001-11-06 Allen-Pal Llc Tool handle for holding multiple tools of different sizes during use
AU708071B2 (en) * 1995-09-21 1999-07-29 Siemens Aktiengesellschaft Method for a reliable interface between a telephone having a card and the network in a telephone system
FI101670B1 (en) * 1995-12-15 1998-07-31 Nokia Mobile Phones Ltd A method for communicating concealment of data transfer between a mobile station network and a mobile station
FI102235B1 (en) * 1996-01-24 1998-10-30 Nokia Telecommunications Oy Management of authentication keys in a mobile communication system
US6393270B1 (en) * 1996-10-11 2002-05-21 Bellsouth Intellectual Property Corp. Network authentication method for over the air activation
US6075859A (en) * 1997-03-11 2000-06-13 Qualcomm Incorporated Method and apparatus for encrypting data in a wireless communication system
DE19718827C2 (en) * 1997-05-05 2000-01-05 Deutsche Telekom Mobil Method and device for authenticating mobile radio subscribers
FR2763769B1 (en) * 1997-05-21 1999-07-23 Alsthom Cge Alcatel METHOD FOR ALLOWING DIRECT ENCRYPTED COMMUNICATION BETWEEN TWO RADIO NETWORK TERMINALS AND CORRESPONDING STATION AND TERMINAL ARRANGEMENTS
FI105965B (en) * 1998-07-07 2000-10-31 Nokia Networks Oy Authentication in telecommunications networks
US6665530B1 (en) * 1998-07-31 2003-12-16 Qualcomm Incorporated System and method for preventing replay attacks in wireless communication
WO2000019733A2 (en) * 1998-09-30 2000-04-06 Bellsouth Intellectual Property Corporation Method and apparatus for a unit locked against use until unlocked and/or activated on a selected network
US7599681B2 (en) * 1998-09-30 2009-10-06 At&T Intellectual Property I, L.P. Methods and apparatus of over-the-air programming of a wireless unit
WO2000078085A1 (en) 1999-06-15 2000-12-21 Bellsouth Intellectual Property Corporation Methods and apparatus for over-the-air programming of a wireless unit
US6317834B1 (en) * 1999-01-29 2001-11-13 International Business Machines Corporation Biometric authentication system with encrypted models
GB9903123D0 (en) * 1999-02-11 1999-04-07 Nokia Telecommunications Oy Method of securing communication
FR2790177B1 (en) * 1999-02-22 2001-05-18 Gemplus Card Int AUTHENTICATION IN A RADIOTELEPHONY NETWORK
TW518497B (en) * 1999-03-30 2003-01-21 Sony Corp Information processing system
US7313381B1 (en) * 1999-05-03 2007-12-25 Nokia Corporation Sim based authentication as payment method in public ISP access networks
DE19922288A1 (en) * 1999-05-14 2000-11-23 Siemens Ag Arrangement for mobile communication
GB2350981A (en) * 1999-06-11 2000-12-13 Int Computers Ltd Cryptographic key recovery
US6633979B1 (en) * 1999-06-25 2003-10-14 Telefonaktiebolaget Lm Ericsson (Publ) Methods and arrangements for secure linking of entity authentication and ciphering key generation
AU2724501A (en) * 1999-11-15 2001-05-30 Verizon Laboratories Inc. Cryptographic techniques for a communications network
US7131006B1 (en) * 1999-11-15 2006-10-31 Verizon Laboratories Inc. Cryptographic techniques for a communications network
US6915272B1 (en) * 2000-02-23 2005-07-05 Nokia Corporation System and method of secure payment and delivery of goods and services
US7653377B1 (en) * 2000-07-07 2010-01-26 Bellsouth Intellectual Property Corporation Pre-paid wireless interactive voice response system with variable announcements
KR20020020135A (en) * 2000-09-08 2002-03-14 정규석 End-to-end security system and method for wireless internet
KR20020020133A (en) * 2000-09-08 2002-03-14 정규석 PKI system for and method of using WAP browser on mobile terminals
US20040038706A1 (en) * 2000-10-19 2004-02-26 Wasser Amos S. Telephone call routing
US6642643B2 (en) * 2000-12-20 2003-11-04 Thomson Licensing S.A. Silicate materials for cathode-ray tube (CRT) applications
JP2002198956A (en) * 2000-12-27 2002-07-12 Toshiba Corp Communication equipment and its authentication method
US7693508B2 (en) * 2001-03-28 2010-04-06 Qualcomm Incorporated Method and apparatus for broadcast signaling in a wireless communication system
US8077679B2 (en) 2001-03-28 2011-12-13 Qualcomm Incorporated Method and apparatus for providing protocol options in a wireless communication system
US7178027B2 (en) * 2001-03-30 2007-02-13 Capital One-Financial Corp. System and method for securely copying a cryptographic key
US8028083B2 (en) * 2001-04-30 2011-09-27 Activcard Ireland, Limited Method and system for remote activation and management of personal security devices
US7225465B2 (en) * 2001-04-30 2007-05-29 Matsushita Electric Industrial Co., Ltd. Method and system for remote management of personal security devices
US7363486B2 (en) * 2001-04-30 2008-04-22 Activcard Method and system for authentication through a communications pipe
US20020162021A1 (en) * 2001-04-30 2002-10-31 Audebert Yves Louis Gabriel Method and system for establishing a remote connection to a personal security device
DE60203277T2 (en) * 2001-04-30 2006-03-30 Activcard Ireland Ltd. METHOD AND SYSTEM FOR AUTHENTICATING A PERSONAL SECURITY DEVICE COMPRISING AT LEAST ONE REMOTE COMPUTER SYSTEM
US6957066B1 (en) * 2001-05-16 2005-10-18 Cisco Technology, Inc. Method and apparatus for registering a mobile device
US7215942B1 (en) * 2001-08-09 2007-05-08 Bellsouth Intellectual Property Corp. Architecture for managing prepaid wireless communications services
US20040029562A1 (en) * 2001-08-21 2004-02-12 Msafe Ltd. System and method for securing communications over cellular networks
US8140845B2 (en) * 2001-09-13 2012-03-20 Alcatel Lucent Scheme for authentication and dynamic key exchange
US7162631B2 (en) * 2001-11-02 2007-01-09 Activcard Method and system for scripting commands and data for use by a personal security device
US7194765B2 (en) * 2002-06-12 2007-03-20 Telefonaktiebolaget Lm Ericsson (Publ) Challenge-response user authentication
US20030167399A1 (en) * 2002-03-01 2003-09-04 Yves Audebert Method and system for performing post issuance configuration and data changes to a personal security device using a communications pipe
DE10226744B4 (en) * 2002-06-14 2005-05-04 T-Mobile Deutschland Gmbh Content and security proxy in a mobile communication system
US7539629B1 (en) * 2002-06-20 2009-05-26 At&T Intellectual Property I, L.P. System and method for replenishing a wireless terminal account
US7716723B1 (en) * 2002-10-07 2010-05-11 Cisco Technology, Inc. System and method for network user authentication
US7333809B2 (en) 2003-03-18 2008-02-19 At&T Mobility Ii Llc Multi-standard prepaid communication services
CN1323523C (en) * 2003-04-02 2007-06-27 华为技术有限公司 Method of forming dynamic key in radio local network
CN1846395A (en) * 2003-07-08 2006-10-11 高通股份有限公司 Apparatus and method for a secure broadcast system
CN100450109C (en) * 2003-07-14 2009-01-07 华为技术有限公司 A safety authentication method based on media gateway control protocol
CN100461780C (en) * 2003-07-17 2009-02-11 华为技术有限公司 A safety authentication method based on media gateway control protocol
CN100403742C (en) * 2003-07-25 2008-07-16 华为技术有限公司 A method of safety authentication between media gateway and media gateway controller
KR100987207B1 (en) * 2003-08-02 2010-10-12 삼성전자주식회사 Method for ciphering in a mobile communication system of serving multimedia broadcast/multicast service
US7519815B2 (en) * 2003-10-29 2009-04-14 Microsoft Corporation Challenge-based authentication without requiring knowledge of secret authentication data
US7818572B2 (en) 2003-12-09 2010-10-19 Dominic Kotab Security system and method
US20050138355A1 (en) * 2003-12-19 2005-06-23 Lidong Chen System, method and devices for authentication in a wireless local area network (WLAN)
US7971053B2 (en) * 2004-05-26 2011-06-28 At&T Intellectual Property I, L. P. Methods, systems, and products for intrusion detection
US7765404B2 (en) * 2004-06-29 2010-07-27 Nokia Corporation Providing content in a communication system
US20060046690A1 (en) * 2004-09-02 2006-03-02 Rose Gregory G Pseudo-secret key generation in a communications system
DE102005026982A1 (en) * 2005-06-10 2006-12-14 Siemens Ag Method for agreeing a security key between at least one first and a second communication subscriber for securing a communication connection
US7706792B1 (en) * 2005-08-10 2010-04-27 At&T Mobility Ii Llc Intelligent customer care support
EP1976322A1 (en) * 2007-03-27 2008-10-01 British Telecommunications Public Limited Company An authentication method
US8011277B2 (en) 2007-05-10 2011-09-06 Wagic, Inc. Hand tool with multiple bit storage and a method for using the same
US8090343B2 (en) * 2007-05-29 2012-01-03 At&T Mobility Ii Llc Optimized camel triggering for prepaid calling
US7983655B2 (en) * 2007-06-20 2011-07-19 At&T Mobility Ii Llc Conditional call treatment for prepaid calls
US8090344B2 (en) * 2007-07-23 2012-01-03 At&T Mobility Ii Llc Dynamic location-based rating for prepaid calls
US20090061856A1 (en) * 2007-08-28 2009-03-05 Cingular Wireless Ii, Llc Peak off-peak rating for prepaid terminating calls
US20090061868A1 (en) * 2007-08-28 2009-03-05 Cingular Wireless Ii, Llc Decisionmaking for dynamic local time updates in a prepaid terminating call
US8774798B2 (en) * 2007-08-28 2014-07-08 At&T Mobility Ii Llc Determining capability to provide dynamic local time updates in a prepaid terminating call
FR2920935B1 (en) * 2007-09-06 2009-12-11 Miyowa METHOD FOR EXCHANGING REQUESTS BETWEEN THE COMPUTER APPLICATION OF A MOBILE TERMINAL AND AN INSTANT MESSAGING SERVER
US8180321B2 (en) * 2007-09-26 2012-05-15 At&T Mobility Ii Llc Recovery of lost revenue in prepaid calls
FR2923130A1 (en) * 2007-10-24 2009-05-01 Miyowa Sa INSTANT MESSAGING METHOD AND SYSTEM FOR MOBILE TERMINALS EQUIPPED WITH A VIRTUAL PRESENCE SERVER FOR AUTOMATICALLY MANAGING AN INSTANT MESSAGING SESSION
FR2926176B1 (en) * 2008-01-08 2014-10-10 Miyowa INFORMATION TRANSFER COMMUNICATION NETWORK BETWEEN A MOBILE TERMINAL AND SOURCE SERVERS, AND TERMINAL AND METHOD FOR MANAGING THE TRANSFER OF INFORMATION IN SUCH A NETWORK.
FR2926428B1 (en) * 2008-01-16 2010-03-19 Miyowa METHOD FOR FILTERING MESSAGES IN AN INSTANT MESSAGING SYSTEM OF MOBILE TERMINALS, INSTANT MESSAGING SYSTEM, AND SERVER THEREFOR
US8499667B2 (en) 2008-01-17 2013-08-06 WAGIC, Inc Tool holder
US8033200B2 (en) 2008-01-17 2011-10-11 Wagic, Inc. Universal ratcheting tool
US8468916B2 (en) 2008-01-17 2013-06-25 Wagic, Inc. Biaxial foldout tool with multiple tools on a side and a rotational stop
US20100179982A1 (en) * 2009-01-15 2010-07-15 Miyowa Method for auditing the data of a computer application of a terminal
US20100228790A1 (en) * 2009-03-03 2010-09-09 Miyowa Method for activating functionalities proposed in a computer terminal
FR2944624A1 (en) * 2009-04-16 2010-10-22 Miyowa METHOD FOR AUTHORIZING A CONNECTION BETWEEN A COMPUTER TERMINAL AND A SOURCE SERVER
FR2944667A1 (en) * 2009-04-16 2010-10-22 Miyowa METHOD FOR AUTHENTICATING A CLIENT MOBILE TERMINAL FROM A REMOTE SERVER
US8621963B2 (en) 2009-10-05 2014-01-07 Wagic, Inc. Dual purpose flip-out and T handle
US9098850B2 (en) * 2011-05-17 2015-08-04 Ping Identity Corporation System and method for transaction security responsive to a signed authentication
US8346672B1 (en) 2012-04-10 2013-01-01 Accells Technologies (2009), Ltd. System and method for secure transaction process via mobile device
AU2012257312A1 (en) 2011-05-17 2014-01-16 Ping Identity Corporation System and method for performing a secure transaction
WO2013030832A1 (en) 2011-08-31 2013-03-07 Accells Technologies (2009) Ltd. System and method for secure transaction process via mobile device
US9781105B2 (en) 2015-05-04 2017-10-03 Ping Identity Corporation Fallback identity authentication techniques
CN105743914B (en) * 2016-03-31 2019-03-22 宇龙计算机通信科技(深圳)有限公司 A kind of voice encryption communication means, calling terminal, called end and system
CN106453318A (en) * 2016-10-14 2017-02-22 北京握奇智能科技有限公司 Data transmission system and method based on security module

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319710A (en) * 1986-08-22 1994-06-07 Tandem Computers Incorporated Method and means for combining and managing personal verification and message authentication encrytions for network transmission
EP0675615A1 (en) * 1994-03-29 1995-10-04 France Telecom Method for the combined authentication of a telecommunications terminal and a user module in a communications network
US5513245A (en) * 1994-08-29 1996-04-30 Sony Corporation Automatic generation of private authentication key for wireless communication systems

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI87963C (en) * 1991-06-06 1993-03-10 Telenokia Oy FOERFARANDE FOER BILDANDE AV ETT ANKOMMANDE SAMTAL TILL EN RADIOTELEFON I ETT CELLRADIOTELEFONSYSTEM
US5551073A (en) * 1993-02-25 1996-08-27 Ericsson Inc. Authentication key entry in cellular radio system
JP2531354B2 (en) * 1993-06-29 1996-09-04 日本電気株式会社 Authentication method
KR960700616A (en) * 1993-11-24 1996-01-20 타게 뢰흐그렌; 얼링 블로메 AUTHENTICATION FOR ANALOG COMMUNICATION SYSTEMS
US5629974A (en) * 1995-11-16 1997-05-13 Nokia Telecommunications Oy Communication system providing mobility management internetworking between a C-interface radio system and an overlay mobile radio network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319710A (en) * 1986-08-22 1994-06-07 Tandem Computers Incorporated Method and means for combining and managing personal verification and message authentication encrytions for network transmission
EP0675615A1 (en) * 1994-03-29 1995-10-04 France Telecom Method for the combined authentication of a telecommunications terminal and a user module in a communications network
US5513245A (en) * 1994-08-29 1996-04-30 Sony Corporation Automatic generation of private authentication key for wireless communication systems

Cited By (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19730301C1 (en) * 1997-07-10 1998-09-03 Deutsche Telekom Mobil Mutual authentication method for network components
EP0902598A1 (en) * 1997-09-10 1999-03-17 Koninklijke Philips Electronics N.V. Telephonic device including a base station and at least a single handset, subscription process for the handset, the handset itself and its corresponding base station
US6285870B1 (en) 1997-09-10 2001-09-04 U.S. Philips Corporation Telephony device comprising a base station and at least one handset, subscription method of a handset, handset and base station suitable for such a device
US6118993A (en) * 1998-01-05 2000-09-12 Lucent Technologies, Inc. Effective use of dialed digits in call origination
EP0933957A1 (en) * 1998-01-05 1999-08-04 Lucent Technologies Inc. Effective use of dialed digits in call origination
EP0955783A2 (en) * 1998-05-07 1999-11-10 Lucent Technologies Inc. Method and apparatus for performing authentication for roaming between different mobile communication systems
EP0955783A3 (en) * 1998-05-07 2000-01-19 Lucent Technologies Inc. Method and apparatus for performing authentication for roaming between different mobile communication systems
US6584310B1 (en) 1998-05-07 2003-06-24 Lucent Technologies Inc. Method and apparatus for performing authentication in communication systems
DE19820422A1 (en) * 1998-05-07 1999-11-11 Giesecke & Devrient Gmbh Method for authenticating a chip card within a message transmission network
WO2000018061A1 (en) * 1998-09-22 2000-03-30 Infineon Technologies Ag Method for authenticating at least one subscriber during a data exchange
US6934843B2 (en) 1998-09-22 2005-08-23 Infineon Technologies Ag Method for authenticating at least one subscriber during a data interchange
KR100399809B1 (en) * 1998-09-22 2003-09-29 인피니언 테크놀로지스 아게 Method for authenticating at least one subscriber during a data exchange
WO2000024218A1 (en) * 1998-10-19 2000-04-27 Telefonaktiebolaget Lm Ericsson (Publ) A method and a system for authentication
WO2000036860A1 (en) * 1998-12-16 2000-06-22 Nokia Networks Oy A method for controlling connections to a mobile station
US7231046B1 (en) 1998-12-16 2007-06-12 Nokia Corporation Method for controlling connections to a mobile station
EP1052862A3 (en) * 1999-05-11 2001-05-02 Siemens Aktiengesellschaft Method and electronic device for encrypting an identification number
EP1052862A2 (en) * 1999-05-11 2000-11-15 Robert Bosch Gmbh Method and electronic device for encrypting an identification number
WO2001013666A1 (en) * 1999-08-16 2001-02-22 Nokia Networks Oy Authentication in a mobile communications system
US8503676B2 (en) 2000-03-30 2013-08-06 Nokia Corporation Subscriber authentication
USRE45873E1 (en) 2000-03-30 2016-01-26 Nokia Technologies Oy Subscriber authentication
JP2007234030A (en) * 2000-03-30 2007-09-13 Nokia Corp Subscriber authentication
JP4676968B2 (en) * 2000-03-30 2011-04-27 ノキア コーポレイション Subscriber authentication
WO2001076298A1 (en) * 2000-03-30 2001-10-11 Nokia Corporation Subscriber authentication
US8121296B2 (en) 2001-03-28 2012-02-21 Qualcomm Incorporated Method and apparatus for security in a data processing system
US9100457B2 (en) 2001-03-28 2015-08-04 Qualcomm Incorporated Method and apparatus for transmission framing in a wireless communication system
US8983065B2 (en) 2001-10-09 2015-03-17 Qualcomm Incorporated Method and apparatus for security in a data processing system
US8730999B2 (en) 2001-10-12 2014-05-20 Qualcomm Incorporated Method and system for reduction of decoding complexity in a communication system
US8713400B2 (en) 2001-10-12 2014-04-29 Qualcomm Incorporated Method and system for reduction of decoding complexity in a communication system
US7362869B2 (en) 2001-12-10 2008-04-22 Cryptomathic A/S Method of distributing a public key
WO2003050774A1 (en) * 2001-12-10 2003-06-19 Beamtrust A/S A method of distributing a public key
US8971790B2 (en) 2003-01-02 2015-03-03 Qualcomm Incorporated Method and apparatus for broadcast services in a communication system
US8064904B2 (en) 2003-03-18 2011-11-22 Qualcomm Incorporated Internetworking between a first network and a second network
US8064880B2 (en) 2003-03-18 2011-11-22 Qualcomm Incorporated Using shared secret data (SSD) to authenticate between a CDMA network and a GSM network
US8098818B2 (en) 2003-07-07 2012-01-17 Qualcomm Incorporated Secure registration for a multicast-broadcast-multimedia system (MBMS)
US8718279B2 (en) 2003-07-08 2014-05-06 Qualcomm Incorporated Apparatus and method for a secure broadcast system
US8724803B2 (en) 2003-09-02 2014-05-13 Qualcomm Incorporated Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system
US8229398B2 (en) 2006-01-30 2012-07-24 Qualcomm Incorporated GSM authentication in a CDMA network
WO2007090129A3 (en) * 2006-01-30 2007-10-18 Qualcomm Inc Gsm authentication in a cdma network
WO2007090129A2 (en) * 2006-01-30 2007-08-09 Qualcomm Incorporated Gsm authentication in a cdma network
EP3611950A1 (en) * 2018-08-13 2020-02-19 Thales Dis France SA Method for transferring from a first device a key to a second device in a telecommunication network
WO2020035404A1 (en) * 2018-08-13 2020-02-20 Thales Dis France Sa Method for transferring from a first device a key to a second device in a telecommunication network

Also Published As

Publication number Publication date
ATE315315T1 (en) 2006-02-15
AU7299196A (en) 1997-05-07
US5991407A (en) 1999-11-23
CA2234655A1 (en) 1997-04-24
JPH11513853A (en) 1999-11-24
EP0856233A1 (en) 1998-08-05
EP0856233B1 (en) 2006-01-04
DE69635714T2 (en) 2006-06-29
DE69635714D1 (en) 2006-03-30

Similar Documents

Publication Publication Date Title
EP0856233B1 (en) Subscriber authentication in a mobile communications system
EP0976278B1 (en) Preventing misuse of a copied subscriber identity in a mobile communication system
US6584310B1 (en) Method and apparatus for performing authentication in communication systems
US5943425A (en) Re-authentication procedure for over-the-air activation
USRE45873E1 (en) Subscriber authentication
US6928558B1 (en) Method and arrangement for reliably identifying a user in a computer system
EP0977452B1 (en) Method for updating secret shared data in a wireless communication system
US5557654A (en) System and method for authenticating subscribers of a transmission network and subscription, having differing authentication procedures, using a common authentication center
EP1168870B1 (en) An improved method for an authentication of a user subscription identity module
US6373949B1 (en) Method for user identity protection
KR101097709B1 (en) Authenticating access to a wireless local area network based on security value(s) associated with a cellular system
JP2004048738A (en) Messaging method in communication system
EP1121822B1 (en) Authentication in a mobile communications system
Walker Security in mobile and cordless telecommunications
KR20010004463A (en) Method for user authentication using User Identity Module in digital cellular telecommunication system
Vojvoda A survey of security mechanisms in mobile communication systems
WO2020141561A1 (en) Method and system for transmission of secure information to a hand-held device
Duraiappan et al. Improving Speech Security and Authentication in Mobile Communications

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): KE LS MW SD SZ UG AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2234655

Country of ref document: CA

Ref country code: CA

Ref document number: 2234655

Kind code of ref document: A

Format of ref document f/p: F

ENP Entry into the national phase

Ref country code: JP

Ref document number: 1997 515546

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 1996934832

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1996934832

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWG Wipo information: grant in national office

Ref document number: 1996934832

Country of ref document: EP