Method and apparatus for network-to-user verification of...

Telecommunications – Radiotelephone system – Security or fraud prevention

Reexamination Certificate


Details

C455S410000, C455S502000

active

06377792

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates generally to communication networks and, in particular, to network-subscriber device authentication.
BACKGROUND OF THE INVENTION
In a wireless communication network, subscriber devices are authenticated by the network to prevent non-registered and fraudulent subscriber devices from accessing the network. Methods of authentication or verification are currently implemented in wireless networks as either a one-way authentication or mutual authentication.
One-way authentication occurs when a subscriber device is initially powered up or at periodic intervals while the subscriber device is powered on. Typically, the network will send an authentication request message containing a publicly-known key or code to the subscriber device. The subscriber device, upon receiving the authentication request message and publicly-known key, derives an authentication response message. The authentication response message is sent back to the network and is processed by the network to determine if access will be granted. Thus, the authentication or verification only occurs in one direction (subscriber device-to-network). A problem with one-way authentication or verification is that only the authenticating devices are protected from fraud. The non-authenticating device (i.e. base station) may be a false network device acquiring information from the authenticating subscriber device.
Mutual authentication or verification occurs when a subscriber device proceeds through authentication or verification as described above in addition to the network being authenticated or verified by the subscriber device. A method of mutual authentication is the direct challenge with response confirmation method. Either the network side or subscriber side may selectively challenge (authenticate) the other at any time. In an alternate approach, every message has authentication information transferred between the network and subscriber device. A problem with the mutual authentication of each message and the direct challenge approach is that the bandwidth overhead proves to be costly and inefficient.
As an example of the potential security threat, a base site will typically be employed as a transmission link to enable a subscriber device to both send and receive data packets with a packet data network. A simple method of verifying the base site to the subscriber device may consist of integrating a time-varying password with the data packets that are sent to the subscriber device. In this manner there is no need for the separate transmission of a challenge from the subscriber device to the base site, since both units maintain a common perception of time. This method is commonly used for access to data servers, and is marketed by SECURITY DYNAMICS™ as the “Ace” card.
However, in some applications, the base site is also responsible for the maintenance of “time” as perceived by the subscriber device. Therefore a false base site could replay previous verification responses to the subscriber device if the false base can modify the subscriber device's perception of time.
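The following added example (not code from the patent) contrasts a subscriber that keeps its own clock with one that adopts the time announced by the base site, and shows that only the latter accepts a packet replayed an hour later. The HMAC-SHA256 password derivation, the 60-second interval, the packet layout and all names are assumptions made for illustration; the text does not specify them.

```python
import hashlib
import hmac
import struct

STEP = 60  # assumed length of one password interval, in seconds


def time_password(key: bytes, t: int) -> bytes:
    """Time-varying password: truncated HMAC over the current interval number."""
    counter = struct.pack(">Q", t // STEP)
    return hmac.new(key, counter, hashlib.sha256).digest()[:8]


def base_packet(key: bytes, t: int, payload: bytes):
    """Packet as sent by a genuine base site: (announced time, data, password)."""
    return (t, payload, time_password(key, t))


class Subscriber:
    def __init__(self, key: bytes, clock: int, trusts_network_time: bool):
        self.key = key
        self.clock = clock  # the subscriber's perception of time
        self.trusts_network_time = trusts_network_time

    def receive(self, packet) -> bool:
        """Return True if the packet's password verifies the base site."""
        announced_time, _payload, password = packet
        if self.trusts_network_time:
            # The base site maintains "time": the sender controls the clock
            # that the password is checked against.
            self.clock = announced_time
        expected = time_password(self.key, self.clock)
        return hmac.compare_digest(expected, password)


def run_scenario(trusts_network_time: bool):
    """Deliver one genuine packet, then the identical packet an hour later."""
    key = b"constructed-shared-secret"  # constructed sample value
    t0 = 1_000_000                      # constructed sample timestamp
    recorded = base_packet(key, t0, b"data")
    sub = Subscriber(key, clock=t0, trusts_network_time=trusts_network_time)
    fresh_ok = sub.receive(recorded)
    sub.clock = t0 + 3600               # real time has moved on by one hour
    replay_ok = sub.receive(recorded)   # same bytes, delivered again
    return fresh_ok, replay_ok


if __name__ == "__main__":
    print("independent clock :", run_scenario(False))
    print("network-set clock :", run_scenario(True))
```
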
Thus, a need exists in the art for a method and apparatus for protecting subscriber devices in a wireless communication network against false base sites that are able to gain access to subscriber information.




Profile ID: LFUS-PAI-O-2836684
