Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-11-24
2002-01-08
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S171000, C713S182000, C713S152000, C380S255000, C380S277000, C380S281000
Reexamination Certificate
active
06338140
ABSTRACT:
FIELD OF THE INVENTION
The invention relates, in general, to a method and system for validation and/or authentication of an identity, and, in particular, to a method and apparatus/system for authenticating subscribers in a communications network, such as a wireless, digital, cellular, and/or satellite communications system, using a central host processor. The central processor includes all the interfaces and functions to connect to the communications system, to decode signals and messages, to verify and to validate subscribers in the communications system, and to signal to entities in the system that subscribers are legitimate. This system provides a significant level of protection against fraud and abuse, particularly wireless fraud and abuse.
BACKGROUND OF THE INVENTION
Cellular mobile telephony is one of the fastest growing segments in the worldwide telecommunications market. Between 1984 and 1992, for example, the number of mobile telephone subscribers in the United States grew from around 25,000 to over 10 million. In 1998, the number is estimated to be 58 million and is expected to rise to nearly 90 million by the year 2000.
In a typical cellular radio system, as shown in
FIG. 1
, a geographical area is divided into several radio coverage areas, called cells C
1
-C
14
. These cells are served by a series of radio stations, called base stations B
1
-B
14
. The base stations are connected to and controlled by a mobile switching center (MSC) MSC
1
, MSC
2
. The MSC is in turn connected to the land line (wireline) public switched telephone network (PSTN). The users in the cellular radio system, known as mobile subscribers, are provided with portable (hand-held), transportable or mobile (car-mounted) telephone units, which are collectively called mobile stations.
The mobile stations MS
1
-MS
4
, shown in
FIG. 1
, communicate with a mobile switching center MSC
1
through respective nearby base stations B
1
, B
5
. The MSC switches calls between wireline or landline and mobile subscribers, controls signaling to the mobile stations, compiles billing information, and provides for the operations, maintenance, and testing of the system. The MSCs are also connected together through a signaling network to allow “roaming” across large geographic areas.
In the United States, the Advanced Mobile Phone Service (AMPS) began in 1984. A serious problem which has plagued cellular communications systems is fraud. There have been numerous types of fraudulent use of cellular communications facilities, resulting in significant monetary losses for the operators of those AMPS wireless telephone systems. The fraudulent access has ranged from “roamer” fraud to tumbling to cloning. The most common type of fraud is “cloning.” The Cellular Telecommunications Industry Association (CTIA) reports that losses resulting from cloning exceed $300 million per year in the United States.
Mobile stations or terminals, subject to cloning, typically are identified by a mobile identification number and an electronic serial number. Ordinarily, a mobile identification number (MIN), which is assigned to a subscriber's mobile station or terminal when it is activated, is identical to the dialed directory number or mobile telephone number. An electronic serial number (ESN) is a 32-bit binary number that consists of three parts: the manufacturer code, a reserved area, and a manufacturer-assigned serial number. The ESN, which represents a terminal, is fixed and, supposedly, cannot be changed.
Cloning entails an interloper or “fraudster” capturing the identity of a wireless telephone by using standard test equipment to capture the Electronic Serial Number (ESN) and Mobile identification Number (MIN) of the legitimate user. For example, a standard frequency scanner may be used to scan a common control channel for MIN-ESN combinations transmitted from a mobile station registering with a mobile switching center. The interloper reprograms a mobile station, such as, another mobile telephone, with the captured ESN and MIN. Impersonating the legitimate subscriber, the cloner may then place fraudulent calls, which are charged to the legitimate subscriber.
Such cloning occurs because the original AMPS network did not have the means to validate the wireless use.
FIG. 1
illustrates the telephone systems without authentication. However, in 1991 the Telecommunications Industry Association (TIA) wireless/cellular standards (TR45.3) organization developed a scheme to authenticate subscribers.
Authentication was developed by the cellular industry to prevent cloning. Authentication is the process of validating a user's identify by proving the existence of shared secret data (or a cryptographic key) in the mobile station of the user and the cellular network. Both the mobile station (MS) and the network possess the software protocol, cryptographic algorithms, and key to perform authentication. The general elements for one type of authentication, which is believed to be disclosed in U.S. Pat. No. 5,153,919 to James A. Reeds, III et al., which is incorporated herein by reference, are depicted in FIG.
2
. Unfortunately, this standardized technique is not ubiquitous; MSCs and MSs do not all have software to support the validation.
The authentication mechanism developed by the standards committee for Telecommunications Industry Association (TIA) is shown in FIG.
3
. CAVE is the “Cellular and Voice Encryption” cryptographic algorithm. Through the use of CAVE's “challenge-response” authentication scheme, validation of subscriber identities can occur. The steps in the process shown in
FIG. 4
are the following:
Step S
10
: The telephone, as it powers on, identifies itself to the network with the ESN and MIN.
Step S
12
: The network sends a random number challenge to the phone.
Step S
14
: The phone, using a CAVE cryptographic algorithm, encrypts or “hashs” a number of inputs including the ESN, the MIN and a SSD key to produce an authentication response AUTHR. The SSD (Shared Secret Data) key is derived from the seed A-key.
Step S
16
: The telephone sends AUTHR to the network. Step S
18
: The network performs the same CAVE cryptographic computation.
Step S
20
: The network compares the two responses.
Step S
22
: If the responses (AUTHR) are equivalent, service is granted because the network operator can be quite confident that the subscriber is legitimate.
Step S
24
: If the responses (AUTHR) are not equivalent, service is denied because the network operator cannot be confident that the subscriber is legitimate.
The above authentication scheme has been very effective against fraud. However, three major events must occur before it is absolutely effective against technical fraud. These three events are the following. First, all phones must contain the cryptographic algorithm and protocol. Second, all switches must be upgraded or sold with the cryptographic algorithm. Third, all phones and switches must have the seed cryptographic key (A-key). The authentication scheme in the telephone system is illustrated in FIG.
5
. The authentication may occur in a Mobile Switching Center MSC or in an off-board computer, namely, an authentication center AC.
The deployment of authentication began in 1995. Today approximately 10% of all MSCs have the capability to authenticate. CTIA reports approximately 58 million subscribers exist in North America. Yet, it is estimated that only 10 million of the telephones have the CAVE cryptographic capabilities, designed to the latest standards. Those switches (MSCs) that cannot authenticate are designed to the TIA IS-41 Revision A (Rev. A) standard. The IS-41 Revision C (Rev. C) MSCs can authenticate. It may be years before all MSCs and telephones are “authentication capable” in the AMPS-based air-interface technologies: IS-54B, IS-136, IS-91, IS-95, etc.
FIG. 6
summarizes the current authentication situation for mobile switching centers and telephones. Essentially, as time progresses more and more MSCs and telephones will likely have authentication features.
In Europe and other locations around the world
Davis Alvah B.
Kiswani David T.
Owens Leslie D.
Plecity Mark S.
Yu I-Hsiang
Baker & Hostetler LLP
Iridium LLC
LandOfFree
Method and system for validating subscriber identities in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for validating subscriber identities in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for validating subscriber identities in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2849005