Telecommunications – Radiotelephone system – Security or fraud prevention
Reexamination Certificate
1997-11-19
2001-05-08
Maung, Nay (Department: 2681)
Telecommunications
Radiotelephone system
Security or fraud prevention
C455S422100, C455S466000, C455S557000
Reexamination Certificate
active
06230002
ABSTRACT:
The present invention relates generally to a manner by which to authenticate a wireless host to communicate with a host site of a limited-access network. More particularly, the present invention relates to a method, and associated apparatus, by which computations associated with authentication procedures, such as the formation of a password, are performed at a mobile terminal to which the wireless host is connected. The computations need not be performed at the wireless host, or other separate physical entity. Because the computations are not performed at the wireless host or other separate physical entity, improved authentication security results.
In the exemplary implementation, use is made of a processing device forming a portion of a SIM (subscriber identity module), defined in the GSM (Global System for Mobile Communications) cellular, communication system, specification reference ISO/IEC/7816. During authentication procedures, when a wireless host is to be authenticated, a password formed, or otherwise stored, at the processing device of the SIM is forwarded to an authentication server of the private network. If the wireless host connected to the mobile terminal is authenticated, responsive to the values of the password, the wireless host is permitted to communicate with a host site of the private network.
In a further exemplary implementation, an encryption key is formed, or otherwise stored, by the processing device of the SIM. The encryption key is used to encrypt data generated at the wireless host and transmitted to the host site of the private network by way of the mobile terminal.
BACKGROUND OF THE INVENTION
Advancements in communication technologies have permitted the development, implementation, and widespread usage of new types of communication systems. Information can be communicated between sending and receiving stations located at sites at which communication had been precluded, at thruput rates previously not practical, and at quality levels previously unattainable.
Advancements in the field of radio communication technologies have permitted the implementation of communications by way of digital cellular communication systems. High-quality communications can be effectuated by way of a mobile terminal positioned at any location within a coverage area of the network infrastructure of the digital cellular communication system without the need of a wireline connection extending to the mobile terminal.
At least one type of digital, cellular communication system, the GSM (Global System for Mobile Communications) system, provides for the communication of both circuit-switched data as well as packet-data. The capability to communicate packet-data by way of a mobile terminal permits, for instance, host sites connected to the Internet to be accessed by way of a mobile terminal operable in the GSM communication system. By connecting a wireless host, such as a laptop computer, to the mobile terminal, otherwise-conventional packet-data communications between the wireless host and the host site of the Internet are possible.
Communications between the wireless host and a host site of a private network connected to the Internet can similarly be effectuated. A private network is typically a limited-access network in which access to host sites of the private network is limited only to users authorized to access such host site.
When the private network is connected to the Internet, or other external network, security procedures, such as authentication procedures, are carried out when access to a host site of the private network is requested from a location beyond the private network. Selective access to the host site of the private network is permitted as the request from the remote location to access the host site of the private network must be authenticated to have been originated at a host authorized to access the private network.
In one typical authentication procedure, a password is generated at the site requesting access to the host site of the private network. In some systems, a symmetric cryptographic technique is used to create and authenticate the password; in other communication systems asymmetric cryptographic techniques are utilized to create and authenticate the password.
In conventional operation of a GSM cellular communication system, the mobile terminal includes a SIM (subscriber identity module) which is releasably coupled to the mobile terminal. The SIM includes subscriber information including, for instance, data used to permit the mobile terminal to gain access to the network infrastructure of the GSM communication system.
A SIM constructed pursuant to the GSM Phase 2+ specification, namely at the ISO/IEC/7816 specification, includes a password generator formed on the SIM. The password generator produces a password, and the password generator includes an encryption algorithm, a secret key, and additional algorithms which, when executed, generate the password. The SIM is connected to a wireless host by way of an interface or is separated from the wireless host. If the SIM is connected to the wireless host, a password and/or encryption key is generated at the SIM and provided to the wireless host by way of the interface. If the SIM is not connected to the wireless host, the password has to be separately entered, such as by user, type-written entry, to the wireless host.
In the existing art, therefore, the password generator is physically separated from the mobile terminal. Compromise of authentication security is possible as a separate physical entity is used to generate the password.
A manner by which to ensure better the authentication security of a wireless host requesting access to a private network would therefore be advantageous.
It is in light of this background information related to accessing of private networks would therefore be advantageous.
SUMMARY OF THE INVENTION
The present invention, accordingly, advantageously provides a method, and associated apparatus, by which computations associated with authentication procedures, such as the formation of a password at a mobile terminal connected to a wireless host can be carried out. The password used in authentication procedures to authenticate the wireless host to permit its access to a private network is formed at a processing device carried with the mobile terminal and releasably connected thereto.
In an exemplary embodiment, the processing device at which the password is formed, or otherwise stored, forms a portion of a SIM (subscriber identity module) removably attached to the mobile terminal. Because the computations performed to form or store the password are performed at a processing device carried by the mobile terminal, improved authentication security is provided, better to assure that only authorized wireless hosts are permitted to gain access to a private network.
The present invention also provides a method, and associated apparatus, by which computations associated with the formation of an encryption key used in encryption procedures are carried out at a mobile terminal connected to a wireless host. Improved encryption security is again permitted as computations involved in the formation of an encryption key need not be performed at a separate physical entity. Again, in an exemplary implementation, the processing device at which the encryption key is formed forms a portion of a SIM defined in the GSM communication system, specification reference ISO/IEC/7816. Encryption security is better assured as the encryption key is formed, or otherwise stored, at the SIM.
In one aspect of the present invention, when communications are to be initiated between the wireless host and a host site of a private network, an authentication server at the private network requests that a password be provided thereto and forwards the request to the mobile terminal. Once the request is received at the mobile terminal, a password-generation application is executed at the SIM to generate a password. Once formed, the password is provided to the wireless host to be used thereafter in authentication procedure
Darroch John
Flodén Anders
Johannsen Berndt Ove
Johansson Lena
Jenkens & Gilchrist P.C.
Maung Nay
Telefonaktiebolaget L M Ericsson (publ)
LandOfFree
Method, and associated apparatus, for selectively permitting... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method, and associated apparatus, for selectively permitting..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method, and associated apparatus, for selectively permitting... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2442600