Cryptography – Cellular telephone cryptographic authentication
Reexamination Certificate
1997-07-31
2002-03-26
Hayes, Gail (Department: 2131)
C713S168000
active
06363151
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention concerns a method and system for subscriber authentification and/or encryption of items of information for use in a mobile radiotelephone network.
In the article “Safety First bei europaweiter Mobilkommunikation,” telcom report 16 (1993), no. 6, pp. 326 to 329, a method and system are described for protecting subscriber data against unauthorized access and from misuse of items of personal subscriber information for mobile subscribers of a cellular digital mobile radiotelephone network according to the international GSM standard (Global System for Mobile Communication). The mobile subscribers, who can communicate across national borders in the networks of the various providers, thereby identify themselves to the respective network with a subscriber identity module, also called a SIM card, which is contained in the radiotelephone subscriber station. After receiving the SIM card, the mobile subscriber is registered in an authentification center, which respectively provides security parameters and security algorithms for protection of the subscriber data to the mobile subscribers. For this purpose, the authentification center is provided with a security box in which the security algorithms are implemented. In addition, there is also the familiar possibility of encrypting (ciphering) the items of information for the transmission.
Because of their high security relevance, the GSM security measures, in particular the security parameters and the security algorithms, are accessible only to the network operators who have agreed to the international mobile radiotelephone network standard in a common agreement (“Memorandum of Understanding”), and to infrastructure manufacturers. Thus, these security measures can be used only in mobile radio networks, and cannot be used in other networks, e.g. in private networks (corporate networks). Applying them between the GSM standard and another radiotelephone standard, e.g. the DECT standard (Digital Enhanced Cordless Telecommunication), or in a universal communication network (universal personal telecommunication, UPT), is not possible without problems, even if common agreements exist between a network operator of a GSM mobile radiotelephone network and another network operator concerning support of subscriber mobility (roaming) between the networks. Thus either agreements exist only between mobile radiotelephone networks that support the GSM standard, or networks of different radiocommunication standards can be used together only through duplicated subscriber entries in the subscriber databases of both networks, and thus with different authentification methods.
SUMMARY OF THE INVENTION
It is an object of the present invention to provide a method and system for subscriber authentification and/or for encryption of items of information by which the security measures can also be applied, with the smallest possible outlay, in other networks respectively connected with the mobile radiotelephone network.
In general terms the present invention is a method for subscriber authentification and/or for encryption of items of information, in which mobile subscribers identify themselves to a mobile radiotelephone network with a subscriber identity module contained in a subscriber station and are installed in at least one subscriber database of the mobile radiotelephone network and are registered in an authentification center. The center respectively provides security parameters and security algorithms for the mobile subscribers, for the protection of the subscriber data. Subscribers of another network connected with the mobile radiotelephone network via an interface identify themselves with the subscriber identity module. They are set up in at least one subscriber database of the other network. The security parameters for the installed subscriber of the other network are requested via the interface, are provided by the authentification center of the mobile radiotelephone network and are transmitted to the other network via the interface, without the execution of a subscriber entry in the subscriber database of the mobile radiotelephone network. The subscriber authentification for the subscribers of the other network and/or the encryption of the items of information on the basis of the security parameters received from the mobile radiotelephone network are executed in this other network.
Advantageous developments of the present invention are as follows.
The authentification center that respectively provides the security parameters in the mobile radiotelephone network is determined by a subscriber identification that is read from the subscriber identity module by the subscriber station and is sent via the interface.
The security parameters received by the other network are entered into the subscriber database in addition to the subscriber data. The subscriber database is the home database of the subscribers registered in the other network.
Before additional sets of security parameters are made available, one or several sets of security parameters are respectively requested and transmitted via the interface, and the subscriber authentification and/or encryption is carried out.
The mobile radiotelephone network is a cellular mobile radiotelephone network according to the GSM standard, which network provides GSM security parameters for the subscribers of the other network.
Given the use of a radiotelephone subscriber station for the subscribers of the other network, the security algorithms contain measures for the encryption of the items of information to be sent over the air between the radiotelephone subscriber station and a base station.
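The exchange described in the summary and its developments, as an added sketch that is not part of the patent text: the other network requests batches of GSM security parameters over the interface, stores them in its own home database, and authenticates the subscriber locally. In GSM a parameter set is the triplet (RAND, SRES, Kc). The class names, the constructed test IMSI, the 5-digit routing prefix and the HMAC-SHA256 stand-in for the operator's A3/A8 algorithms are all assumptions of this example.

```python
import hashlib
import hmac
import os
from collections import deque

def a3a8(ki, rand):
    # Stand-in for the operator's secret A3/A8 algorithms (assumption: HMAC-SHA256).
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]          # SRES (32 bits), Kc (64 bits)

class AuthCenter:
    """Authentication center of the GSM network; Ki never leaves it."""
    def __init__(self, keys):
        self._ki = dict(keys)      # IMSI -> Ki
    def triplets(self, imsi, count):
        out = []
        for _ in range(count):
            rand = os.urandom(16)
            out.append((rand, *a3a8(self._ki[imsi], rand)))
        return out

class Sim:
    """Subscriber identity module: holds the same Ki as the authentication center."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki, self.kc = imsi, ki, None
    def respond(self, rand):
        sres, self.kc = a3a8(self._ki, rand)   # Kc stays in the station for ciphering
        return sres

class OtherNetwork:
    """The other network: stores received parameter sets in its own home database."""
    def __init__(self, auc_by_prefix, batch=3):
        self.auc_by_prefix, self.batch = auc_by_prefix, batch
        self.home_db = {}          # IMSI -> unused (RAND, SRES, Kc) sets
        self.requests = 0          # requests sent over the interface
    def authenticate(self, sim):
        sets = self.home_db.setdefault(sim.imsi, deque())
        if not sets:               # fetch a new batch only when the stored one is used up
            auc = self.auc_by_prefix[sim.imsi[:5]]   # assumption: 5-digit prefix picks the center
            sets.extend(auc.triplets(sim.imsi, self.batch))
            self.requests += 1
        rand, expected, kc = sets.popleft()          # every set is used once
        ok = hmac.compare_digest(sim.respond(rand), expected)
        return kc if ok else None  # Kc keys the over-the-air encryption
```

The other network never sees Ki, and the GSM side needs no subscriber database entry in this model: only the authentication center is consulted, and only when the stored batch runs out.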
The present invention is also a system for subscriber authentification and/or for encryption of items of information, in which mobile subscribers identify themselves to a mobile radiotelephone network with a subscriber identity module contained in a subscriber station. They are installed in at least one subscriber database of the mobile radiotelephone network and are registered in an authentification center, from which security parameters and security algorithms for the mobile subscribers can respectively be provided for the protection of the subscriber data. The mobile radiotelephone network is connected via an interface with another network whose subscribers identify themselves with the subscriber identity module of their subscriber stations and are installed at least in a subscriber database of the other network. Means are provided in the other network that request security parameters for the installed subscriber of the other network via the interface; means are provided in the respective authentification center of the mobile radiotelephone network that provide the security parameters; means are provided in the mobile radiotelephone network that transmit the security parameters via the interface to the other network, without a subscriber entry in the subscriber database of the mobile radiotelephone network thereby being carried out. Means are provided in the other network that carry out the subscriber authentification for the subscribers of the other network and/or the encryption of the items of information on the basis of the security parameters received by the mobile radiotelephone network.
The security parameters are provided by the mobile radiotelephone network for subscribers of a different network via an interface connecting both networks, without carrying out subscriber entries for these subscribers in the mobile radiotelephone network in at least one subscriber database of the mobile radiotelephone network. The subscribers of the other network thereby identify themselves respectively with the subscriber identity module, and are installed at least in a subscriber database of the other network. The security parameters for the subscribers installed in the other network are requested via the interface, are provided by an authentification center of the mobile radiotelephone network and are transmitted to the other network via the interface. An entering of the subscriber in the subsc
DiLorenzo Anthony
Hayes Gail
Schiff & Hardin & Waite
Siemens Aktiengesellschaft