Cryptography – Communication system using cryptography – Wireless communication
Reexamination Certificate
1998-08-28
2002-10-08
Hayes, Gail (Department: 2131)
Cryptography
Communication system using cryptography
Wireless communication
C380S247000, C455S526000, C455S433000, C455S432300
Reexamination Certificate
active
06463154
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method for determining temporary mobile identifiers and managing the use thereof in a wireless system.
2. Description of Related Art
The U.S. currently utilizes three major wireless systems, with differing standards. The first system is a time division multiple access system (TDMA) and is governed by IS-136, the second system is a code division multiple access (CDMA) system governed by IS-95, and the third is the Advanced Mobile Phone System (AMPS). All three communication systems use the IS-41 standard for intersystem messaging, which defines the authentication procedure for call origination, updating the secret shared data, and etc.
FIG. 1
illustrates a wireless system including an authentication center (AC) and a home location register (HLR)
10
, a visiting location register (VLR)
15
, and a mobile
20
. While more than one HLR may be associated with an AC, currently a one-to-one correspondence exists. Consequently,
FIG. 1
illustrates the HLR and AC as a single entity, even though they are separate. Furthermore, for simplicity, the remainder of the specification will refer to the HLR and AC jointly as the AC/HLR. Also, the VLR sends information to one of a plurality of mobile switching centers (MSCs) associated therewith, and each MSC sends the information to one of a plurality of base stations (BSs) for transmission to the mobile. For simplicity, the VLR, MSCs and BSs will be referred to and illustrated as a VLR. Collectively, the ACs, HLRs, VLRs, MSCs, and BSs operated by a network provider are referred to as a network.
A root key, known as the A-key, is stored only in the AC/HLR
10
and the mobile
20
. There is a secondary key, known as Shared Secret Data SSD, which is sent to the VLR
15
as the mobile roams (i.e., when the mobile is outside its home coverage area). The SSD is generated from the A-key and a random seed RANDSSD using a cryptographic algorithm or function. A cryptographic function is a function which generates an output having a predetermined number of bits based on a range of possible inputs. A keyed cryptographic function (KCF) is a type of cryptographic function that operates based on a key; for instance, a cryptographic function which operates on two or more arguments (i.e., inputs) wherein one of the arguments is the key. From the output and knowledge of the KCF in use, the inputs can not be determined unless the key is known. Encryption/decryption algorithms are types of cryptographic functions. So are one-way functions like pseudo random functions (PRFs) and message authentication codes (MACs). The expression KCF
SK
(R
N
′) represents the KCF of the random number R
N
′ using the session key SK as the key. A session key is a key that lasts for a session, and a session is a period of time such as the length of a call. In the IS-41 protocol, the cryptographic function used is CAVE (Cellular Authentication and Voice Encryption).
During procedures such as call origination, registration, updating secret shared data, etc. user identity information is transferred from the mobile to the network as part of the communication. User identity information includes, for example, mobile identification numbers (MIN) and/or electronic serial numbers (ESN). For the purposes of discussion, the term permanent ID will be used to cover one or more elements of mobile identity information. However, using the permanent ID allows an attacker to identify and track a mobile; and thus a mobile user. Many mobile users consider this lack of privacy undesirable.
One technique for maintaining mobile anonymity and protecting privacy involves the use of aliases or temporary IDs (TIDs). Once in place, communication takes place using the TID. However, simple uses of anonymity tend to be ineffective in that they permit an attacker to simulate conditions under which the mobile will reveal its true or permanent ID.
Typically, attacks involve blocking part of the communication between a mobile and the network such that the mobile does not confirm an updated TID and resorts to the previous TID while the network has already updated the TID. With out-of-synch updates, the network does not recognize the mobile, and, in order to re-establish communication, the mobile uses its permanent ID.
SUMMARY OF THE INVENTION
In the method for determining and managing use of temporary mobile identifiers, the network sends a first challenge to the mobile and the mobile response with a first challenge response and a second challenge. Based on the first and second challenges, the mobile and the network respectively generate a new TID. The network and the mobile keep respective TID lists for the mobile, and store the new TID on their respective lists. The TIDs on both lists are stored in chronological order.
As communication between the mobile and the network proceeds, the mobile will confirm a TID on the list based on that communication. When a TID is confirmed, the mobile deletes TIDs older than the confirmed TID from its TID list. Similarly, when the network receives a communication from the mobile including a TID, the network confirms the TID and deletes TIDs older than the confirmed TID from its TID list. During communication with each other, the mobile will use the oldest TID on its TID list, while the network will use the newest TID on its TID list.
By managing the use of TIDs in this fashion, the mobile does not need to reveal its permanent ID even if an out-of-synch condition results. Through the use and management of TID lists, communication between the network and the mobile continues through the use of older TIDs, and the TID lists kept by both the mobile and the network are updated as the TIDs in use are confirmed.
REFERENCES:
patent: 4315101 (1982-02-01), Atalla
patent: 5153919 (1992-10-01), Reeds, III et al.
patent: 5375251 (1994-12-01), Pfundstein
patent: 5761618 (1998-06-01), Lynch et al.
patent: 0447380 (1991-09-01), None
patent: 0978958 (2000-02-01), None
patent: 9826538 (1998-06-01), None
patent: 9848528 (1998-10-01), None
Park, Chang-Seop, On Certificate-Based Security Protocols for Wireless Mobile Communication Systems, IEEE Network, IEEE Inc., New York, U.S., vol. 11, NR. 5, pp. 50-55, XP000699941.
Campanini G. et al., “Privacy, Securiy and User Identification in New Generation Radiomobile Systems”, International Conference on Digital Land Mobile Radio Communications, pp. 152-164.
M. Bellare and P. Rogaway, Entity authentication and key distribution,Advances in Cryptology—Crypto, 1993.
S. Bellovin and M. Merritt, Encrypted key exchange: password-based protocols secure against dictionary attacks,IEEE computer society symposium on research in security and privacy, 72-84 May 1992.
R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva, and M. Yung, Systematic design of two-party authentication protocols,Advances in Cryptology—Crypto, 1991.
M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudo random bits,SIAM J. Computing, 13 No. 4:850-864, 1984.
R. B. Boppana and R. Hirschfeld, Pseudorrandom generators and complexity classes,Advances in Computing Research, 5 (S. Micali, Ed.), JAI Press, CT.
U.S. Department of Commerce/N.I.S.T.,Digital Signature Standard, FIPS 186, May 1994.
O. Goldreich and L.A. Levin, A hard-core predicate for all one way functions,Proceedings of 21stSTOC, 25-32, 1989.
S. Goldwasser and A. Micali, Probabilistic encryption,Journal of Computer and Systems Science, 28: 270-299, 1984.
L. Gong, T. Lomas, R. Needham and J. Saltzer, Protecting poorly chosen secrets from guessing attacks,IEEE Journal on Selected Areas in Communications, 11(5): 648-656, Jun. 1993.
T. Lomas, L. Gong, J. Saltzer and R. Needham, Reducing Risks from Poorly Chosen Keys,Proceedings of the 12thACM Symposium on Operating System Principles, ACM Operating Systems Review, 23(5): 14-18, Dec. 1989.
S. Patel, Information Leakage in Encrypted Key Exchange,Proceedings of DIMACS workshop on Network Threats, 38: 33-40, Dec. 1996.
S. Patel, Number theoretic attacks on se
Harness & Dickey & Pierce P.L.C.
Hayes Gail
Seal James
LandOfFree
Method for determining temporary mobile identifiers and... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for determining temporary mobile identifiers and..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for determining temporary mobile identifiers and... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2991505