Authentication methods

Cryptography – Cellular telephone cryptographic authentication

Reexamination Certificate


Details

C713S168000

Reexamination Certificate

active

06532290

ABSTRACT:

BACKGROUND
This invention relates to telecommunication and more particularly to multiple access telecommunication and even more particularly to cellular radio telephone communication. This invention enables a first party electronically to verify the identity of a second party and vice versa before the parties engage in enciphered communications using a ciphering key provided as a byproduct of the identity-verification process.
The problem of ensuring the security of a communication session, whether the session involves audio, video, or another kind of data, is not a new one. U.S. Pat. No. 4,799,061 to Abraham et al. describes a system for authenticating components in a communication system that is illustrated by FIG. 1. A first party wishing to initiate communication with a second party chooses a random number which is applied at point A with the first party's secret key as inputs of an enciphering algorithm 1. The first party's algorithm 1 enciphers the random number according to the secret key, and the resulting enciphered random number is transmitted by the first party to the second party. The second party applies the received enciphered random number with its own secret key as inputs of a deciphering algorithm 2. The deciphering algorithm 2 reproduces at point B the random number applied by the first party at point A only if the second party's secret key is the same as the first party's secret key and their algorithms are the same. The second party applies the reproduced random number with its secret key as inputs of the second party's enciphering algorithm 1. The second party's algorithm 1 enciphers the second party's secret key according to the reproduced random number, and the resulting enciphered second party's secret key is transmitted by the second party to the first party. The first party deciphers the received enciphered second party's secret key using its random number as the deciphering key in its deciphering algorithm 2. A comparator 3 determines whether the first party's secret key and the deciphered second party's secret key are the same; if they are, the first party has authenticated the second party, which in this context is to say that both parties are using the same algorithms and keys. Communication then proceeds using the random number, which both parties now possess, as a ciphering and deciphering key.
The system described in the Abraham patent has a number of disadvantages. In order for the second party to be able to reproduce at point B the same random number inserted by the first party at point A, the transmission from A to B must be “information lossless”. One of the consequences of information-lossless transmission is that the number of digits of the enciphered random number transmitted from the first party to the second party cannot be less than the number of digits of the random number. If fewer digits were transmitted, there would inevitably be less information transmitted than necessary to reproduce the random number. Indeed, the characteristics of cipher algorithms are such that not even a single digit of the random number would be guaranteed to be reproduced error free at point B unless sufficient information is contained in the enciphered random number.
Furthermore, the Abraham patent uses the random number for enciphering the second party's key for transmission. If this transmission is intercepted and the random number contains a lower number of digits (i.e., is shorter than) the key, it will be easier for an eavesdropper to crack the ciphering and thereby read the secret key than it would be to crack the secret key itself. Thus, the security of the system is no greater than that determined by the length of the random number. To avoid compromising the degree of security afforded by the secret key, the length of the random number must be greater than or equal to the length of the key, and thus the enciphered random number transmitted from the first party to the second party must also be longer than the key. Choosing a long key for adequate security, however, requires significant transmission time, which is a scarce or expensive resource in some communication systems, for example, cellular telephone systems.
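The FIG. 1 exchange and the length argument above, as an added simulation that is not part of the patent text: the SHA-256-based XOR keystream cipher and every function name here are my own assumptions, since the Abraham system as quoted names no particular algorithm.

```python
import hashlib
import os


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream from SHA-256 (assumed for illustration; the text names no cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encipher(key: bytes, data: bytes) -> bytes:
    # XOR with a keystream: the output has exactly as many digits as the input,
    # so the transmission is "information lossless" as the text requires, and
    # deciphering is the same operation under the same key.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


decipher = encipher


def abraham_exchange(first_key: bytes, second_key: bytes, random_number=None):
    """Run the FIG. 1 protocol; returns (authenticated, session_key)."""
    if random_number is None:
        # Point A: the random number is chosen at least as long as the key,
        # because message 2 below is protected only by the random number.
        random_number = os.urandom(len(first_key))
    # Message 1 (first -> second): random number enciphered under the first party's key.
    msg1 = encipher(first_key, random_number)
    # Point B: the second party deciphers with its own key; the random number is
    # reproduced only if both keys (and algorithms) are the same.
    reproduced = decipher(second_key, msg1)
    # Message 2 (second -> first): second party's key enciphered under the reproduced number.
    msg2 = encipher(reproduced, second_key)
    # The first party deciphers with its own random number and compares (comparator 3).
    recovered_key = decipher(random_number, msg2)
    authenticated = recovered_key == first_key
    # On success both sides hold the random number and use it as the session key.
    return authenticated, (random_number if authenticated else None)


def eavesdropper_work_bits(random_number: bytes, key: bytes) -> int:
    """Brute-force bound from the text: the shorter of the two values governs security."""
    return 8 * min(len(random_number), len(key))
```

With mismatched keys the second party reproduces a wrong random number, message 2 deciphers to garbage, and the comparator rejects.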
Nevertheless, the need for communication security is acute in flexible systems like cellular telephony. In the United States, losses due to cellular telephone fraud run into the hundreds of millions of dollars, forcing manufacturers, service providers, the Federal Communications Commission (FCC) and industry trade groups to investigate a number of techniques for combating such fraud. One technique involves authenticating both the radio base station and the mobile station, i.e., both ends of a communication link, in order to avoid connection to fraudulent entities.
A simplified layout of a cellular communications system is depicted in FIG. 2. Mobile telephones M1-M10 communicate with the fixed part of a public switched network by transmitting radio signals to, and receiving radio signals from, cellular base stations B1-B10. The cellular base stations B1-B10 are, in turn, connected to the public switched network via a Mobile Switching Center (MSC). Each base station B1-B10 transmits signals within a corresponding area, or “cell” C1-C10. As depicted in FIG. 2, an idealized arrangement of base stations is organized so that the cells substantially cover an area in which mobile telephone communication ordinarily occurs (e.g., a metropolitan area), with a minimum amount of overlap.
When a user activates a mobile telephone within a cell, the mobile telephone transmits a signal indicating the mobile telephone's presence to the cell's base station. The mobile telephone transmits the signal, which may include its electronic serial number (ESN), in a designated set-up channel that is continuously monitored by each base station. When the base station receives the mobile telephone's signal, it registers the mobile telephone's presence within the cell. This process can be repeated periodically so that the mobile telephone is appropriately registered in the event that it moves into another cell.
When a mobile telephone number is dialed, a telephone company central office recognizes the number as a mobile telephone and forwards the call to the MSC. The MSC sends a paging message to certain base stations based on the dialed mobile telephone number and current registration information. One or more of the base stations transmits a page on its set-up channel. The dialed mobile telephone recognizes its identification on the set-up channel, and responds to the base station page. The mobile telephone also follows an instruction to tune to an assigned voice channel and then initiates ringing. When a mobile user terminates a communication, a signaling tone is transmitted to the base station, and both sides release the voice channel.
In the above described operation, mobile telephones are not connected permanently to a fixed network but instead communicate through a so-called “air interface” with a base station. This, of course, provides the flexibility of cellular communication systems, since a user can readily transport a mobile telephone without the restriction of being physically linked to a communication system. This same feature, however, also creates difficulties with respect to securing information transmitted over cellular telephone systems.
For example, in ordinary wired telephone systems, a central office exchange can identify a particular subscriber to be billed for use of a telephone set by the communication line to which it is physically attached. Thus, fraudulent use of a subscriber's account typically requires that a physical connection be made to the subscriber's line. This presents a risk of discovery to a would-be fraudulent user.
Cellular telecommunication systems, on the other hand, pose no such connection problem for the would-be fraudulent user since these systems communicate over an air interface. Absent prote
