Authentication failure trigger method and apparatus

Telecommunications – Radiotelephone system – Security or fraud prevention

Reexamination Certificate

Details

C455S410000, C455S433000, C380S248000

active

06236852

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to telecommunications, and more particularly, to cellular authentication and voice privacy. The present invention further relates to authentication functions described in the ANSI-41 standard, and more particularly, to the Shared Secret Data (SSD) sharing and authentication failure reporting functions.
2. Discussion of the Related Art
With reference to FIG. 1, a telecommunications network 10 illustrates a typical arrangement of functional entities involved in both the SSD sharing and authentication failure reporting functions. Network 10 includes a home system 12 and a serving system 14. In the home system 12, the authentication center (AC) 16 is coupled to the home location register (HLR) 18 via signal lines 17 according to the ANSI-41 standards. The home system 12 is coupled to the serving system 14 via signal lines 19 according to ANSI-41 standards. In particular, signal lines 19 extend between the home location register (HLR) 18 of the home system 12 and the visitor location register (VLR) 20 of the serving system 14. The visitor location register 20 is coupled to a mobile switching center (MSC) 22 of the serving system 14, the MSC 22 being coupled to a base station (BS) 24. The BS 24 then couples a mobile station (MS) 26 to the serving system 14, according to a given air interface protocol such as the IS54-B/IS91-A/IS136/IS95-A standards. Mobile station (MS) 26 is authentication capable and employs a cellular authentication and voice encryption algorithm (CAVE).
Authentication of a mobile station (MS) 26 in a telecommunication network 10 relates to a set of functions used to prevent fraudulent access to cellular networks by phones illegally programmed with counterfeit mobile identification (MIN) and electronic serial number (ESN) information. A successful outcome of authentication occurs when it can be demonstrated that a mobile station (MS) 26 and network 10 possess identical results of an independent calculation performed in both the MS 26 and the network 10. An authentication center (AC) 16 is the primary functional entity in the telecommunications network 10 responsible for acting as authentication controller, although, when SSD is shared, serving system 14 (i.e., the Visitor Location Register (VLR) 20) is allocated some control over the network's authentication responsibilities.
With respect to the allocated responsibilities of the serving system 14 and according to the ANSI-41 standards, the ANSI-41 shared secret data (SSD) sharing function encompasses the processes by which the authentication center (AC) 16 and the serving system 14 (i.e., the visitor location register (VLR) 20) manage the sharing of authentication responsibilities for a visiting mobile station (MS) 26. Serving system control of authentication network functions in this manner reduces the authentication-related signaling traffic between the serving and home systems and the associated call processing delays. Furthermore, shared secret data (SSD) sharing gives the serving system 14 local control over the authentication of a visiting mobile station (MS) 26. Specifically, the serving system 14 can control network functions which include: a) global challenge for all but the initial system access, when SSD sharing is not yet established; b) unique challenge, again for all but the initial system access; c) the base station challenge portion of an authentication center AC-initiated SSD update; and d) count update.
Turning now to FIG. 2, in conjunction with FIG. 1, a message flow diagram of a simple authentication failure scenario with authentication failure report (AFREPORT) and involving an authentication result (AUTHR) mismatch upon mobile origination, registration, or page response while SSD is shared with the serving system is shown. In particular, the authentication failure scenario with authentication failure report (AFREPORT) includes the following steps. In a first step, identified by reference numeral 30, when an authentication-capable mobile station (MS) accesses the system 10, the serving mobile switching center (MSC) 22 sends an authentication request (AUTHREQ) to the serving visitor location register (VLR) 20. In a next step, identified by reference numeral 32, the serving visitor location register (VLR) 20 determines that an Authentication Failure Report (AFREPORT) is necessary due to an AUTHR mismatch and sends an AFREPORT to the home location register (HLR) 18 associated with the mobile station (MS). In a next step 34, the home location register (HLR) 18 forwards the AFREPORT to the authentication center (AC) 16 of the home system 12. The authentication center (AC) 16 then determines that the mobile station (MS) should be denied access (according to the AC's internal authentication algorithms). In a next step 36, the AC 16 returns an afreport to the requesting home location register (HLR) 18 and includes a deny access parameter. In a next step 38, the home location register (HLR) 18 forwards the afreport to the serving visitor location register (VLR) 20. Lastly, in step 40, the serving visitor location register (VLR) 20 forwards the deny access parameter to the serving mobile switching center (MSC) 22 in the authreq, instructing the serving mobile switching center (MSC) 22 to deny access to the particular mobile station (MS) 26.
Turning now to FIG. 3, also in conjunction with FIG. 1, a message flow diagram of a complex authentication failure scenario with AFREPORT and involving an AUTHR mismatch upon mobile origination, registration, or page response while SSD is shared with the serving system is shown. In particular, the authentication failure scenario with AFREPORT includes the following steps. In a first step 50, when an authentication-capable mobile station (MS) 26 accesses the system 10, the serving mobile switching center (MSC) 22 sends an authentication request (AUTHREQ) to the serving visitor location register (VLR) 20. In a next step 52, the serving visitor location register (VLR) determines that an Authentication Failure Report (AFREPORT) is necessary due to an AUTHR mismatch and sends an AFREPORT to the home location register (HLR) 18 associated with the mobile station (MS) 26. In a next step 54, the home location register (HLR) 18 forwards the AFREPORT to the authentication center (AC) 16 of the home system 12. The authentication center (AC) 16 then determines that a unique challenge (U.C.) should be performed on the mobile station (MS) 26 according to the authentication center's internal authentication algorithms. In a next step 56, the AC 16 returns an afreport to the requesting home location register (HLR) 18 and includes the unique challenge (UC) parameters. In a next step 58, the home location register (HLR) 18 forwards the afreport to the serving visitor location register (VLR) 20. In a next step 60, the serving visitor location register (VLR) 20 forwards the unique challenge (U.C.) parameters to the serving mobile switching center (MSC) 22 in the authreq, instructing the serving mobile switching center (MSC) 22 to perform a unique challenge (U.C.) 62 on the mobile station (MS) 26. The serving mobile switching center (MSC) 22 then determines that the unique challenge (U.C.) fails and reports the same via an authentication status report (ASREPORT). In a next step 64, the mobile switching center (MSC) 22 sends an ASREPORT to the serving visitor location register (VLR) 20. In a next step 66, the serving visitor location register (VLR) 20, noting that the report is not for an operation it has initiated, forwards the ASREPORT to the home location register (HLR) 18 associated with the mobile station (MS) 26. In a next step 68, the home location register (HLR) 18 forwards the ASREPORT to the authentication center (AC) 16. The authentication center (AC) 16 the
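
The two failure flows of FIG. 2 and FIG. 3, traced as far as the text above describes them, in an added Python sketch that is not part of the patent. Function names, the sample AUTHR values and the locally answered matching case are assumptions; the last function counts the messages that cross the serving/home boundary (VLR to HLR or back).

```python
# Added illustration. Message names and hops follow the FIG. 2 / FIG. 3 text
# (lowercase names are the replies, as written there). Function names, the
# decision strings and the matching-AUTHR branch are assumptions.

def relay(trace, path, msg, param=None):
    """Append one (src, dst, msg, param) entry per hop along path."""
    for src, dst in zip(path, path[1:]):
        trace.append((src, dst, msg, param))

def access_attempt(ms_authr, vlr_authr, ac_decision="deny"):
    """Trace one MS access while SSD is shared with the serving system.

    ac_decision is the AC's answer to the AFREPORT: "deny" (FIG. 2) or
    "unique_challenge" (FIG. 3). Returns (trace, outcome).
    """
    trace = []
    relay(trace, ["MSC", "VLR"], "AUTHREQ")
    if ms_authr == vlr_authr:
        # Assumption: with SSD shared the VLR answers locally, no home traffic.
        relay(trace, ["VLR", "MSC"], "authreq")
        return trace, "granted"
    # AUTHR mismatch: the VLR reports it and the HLR forwards it to the AC.
    relay(trace, ["VLR", "HLR", "AC"], "AFREPORT")
    if ac_decision == "deny":
        relay(trace, ["AC", "HLR", "VLR"], "afreport", "deny access")
        relay(trace, ["VLR", "MSC"], "authreq", "deny access")
        return trace, "denied"
    if ac_decision != "unique_challenge":
        raise ValueError("unknown AC decision: %r" % (ac_decision,))
    relay(trace, ["AC", "HLR", "VLR"], "afreport", "UC parameters")
    relay(trace, ["VLR", "MSC"], "authreq", "UC parameters")
    relay(trace, ["MSC", "MS"], "unique challenge")
    # The challenge fails. The VLR did not initiate it, so it does not consume
    # the MSC's ASREPORT but passes it on toward the AC via the HLR.
    relay(trace, ["MSC", "VLR", "HLR", "AC"], "ASREPORT", "UC failed")
    return trace, "awaiting AC response"  # the text ends at this point

def inter_system_messages(trace):
    """Count messages on the serving/home link (between VLR and HLR)."""
    return sum(1 for src, dst, _, _ in trace if {src, dst} == {"VLR", "HLR"})

if __name__ == "__main__":
    for decision in ("deny", "unique_challenge"):
        # 0x1A2B3 / 0x0C4D5 are constructed, mismatching sample AUTHR values.
        trace, outcome = access_attempt(0x1A2B3, 0x0C4D5, decision)
        print(decision, "->", outcome, inter_system_messages(trace))
        for hop in trace:
            print("   %s -> %s  %s  %s" % hop)
```
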
