Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-08-28
2003-07-08
Hayes, Gail (Department: 2131)
C380S270000
active
06591364
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method for establishing a session key in a wireless system.
2. Description of Related Art
The U.S. currently utilizes three major wireless systems, with differing standards. The first system is a time division multiple access (TDMA) system governed by IS-136, the second is a code division multiple access (CDMA) system governed by IS-95, and the third is the Advanced Mobile Phone System (AMPS). All three communication systems use the IS-41 standard for intersystem messaging, which defines the authentication procedure for call origination, updating the secret shared data, etc.
FIG. 1 illustrates a wireless system including an authentication center (AC) and a home location register (HLR) 10, a visiting location register (VLR) 15, and a mobile 20. While more than one HLR may be associated with an AC, currently a one-to-one correspondence exists. Consequently, FIG. 1 illustrates the HLR and AC as a single entity, even though they are separate. Furthermore, for simplicity, the remainder of the specification will refer to the HLR and AC jointly as the AC/HLR. Also, the VLR sends information to one of a plurality of mobile switching centers (MSCs) associated therewith, and each MSC sends the information to one of a plurality of base stations (BSs) for transmission to the mobile. For simplicity, the VLR, MSCs and BSs will be referred to and illustrated as a VLR. Collectively, the ACs, HLRs, VLRs, MSCs, and BSs operated by a network provider are referred to as a network.
A root key, known as the A-key, is stored only in the AC/HLR 10 and the mobile 20. There is a secondary key, known as Shared Secret Data SSD, which is sent to the VLR 15 as the mobile roams (i.e., when the mobile is outside its home coverage area). The SSD is generated from the A-key and a random seed RANDSSD using a cryptographic algorithm or function. A cryptographic function is a function which generates an output having a predetermined number of bits based on a range of possible inputs. A keyed cryptographic function (KCF) is a type of cryptographic function that operates based on a key; for instance, a cryptographic function which operates on two or more arguments (i.e., inputs) wherein one of the arguments is the key. From the output and knowledge of the KCF in use, the inputs cannot be determined unless the key is known. Encryption/decryption algorithms are types of cryptographic functions. So are one-way functions like pseudo random functions (PRFs) and message authentication codes (MACs). The expression $KCF_{SK}(R_N')$ represents the KCF of the random number $R_N'$ using the session key SK as the key. A session key is a key that lasts for a session, and a session is a period of time such as the length of a call.
In the IS-41 protocol, the cryptographic function used is CAVE (Cellular Authentication and Voice Encryption). When the mobile 20 roams, the VLR 15 in that area sends an authentication request to the AC/HLR 10. If operating in an unshared mode, the AC/HLR 10, using the VLR 15 as a communication conduit, authenticates the mobile 20 using the SSD associated with the mobile 20. However, in the shared mode, the AC/HLR 10 responds to the authentication request by sending the mobile's SSD to the VLR 15. Once the VLR 15 has the SSD, it can authenticate the mobile 20 independently of the AC/HLR 10. For security reasons, the SSD is periodically updated.
The SSD is 128 bits long. The first 64 bits serve as a first SSD, referred to as SSDA, and the second 64 bits serve as a second SSD, referred to as SSDB. The SSDA is used in the protocol to update the SSD, and the mobile 20 and the network generate session keys using SSDB. In updating the SSD, IS-41 provides a measure of security by performing mutual authentication (i.e., the mobile and the network authenticate one another) during the update process. However, in generating session keys, IS-41 does not provide for mutual authentication.
SUMMARY OF THE INVENTION
In the method for establishing a session key, a network and a mobile transfer codes between one another. The mobile uses these codes to authenticate the network, and the network uses these codes to authenticate the mobile. Besides performing this mutual authentication, the codes are used by the mobile and the network to establish the session key. In one embodiment, communication efficiency is improved by sending messages, forming part of the intended session, with the codes. Furthermore, the codes for performing mutual authentication are derived based on the messages.
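An added illustration, not part of the patent text and not the claimed method: the key hierarchy from the background (A-key and RANDSSD to SSD, split into SSDA and SSDB), followed by a generic random-number exchange in which each side proves knowledge of the session key to the other. HMAC-SHA256 stands in for CAVE, and the session key derivation, the direction bytes and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

def kcf(key, *args):
    """Stand-in keyed cryptographic function (HMAC-SHA256, not CAVE)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for a in args:
        mac.update(len(a).to_bytes(2, "big") + a)  # length-prefix each argument
    return mac.digest()

def derive_ssd(a_key, randssd):
    """SSD is 128 bits of KCF_A-key(RANDSSD); returns (SSDA, SSDB), 64 bits each."""
    ssd = kcf(a_key, randssd)[:16]
    return ssd[:8], ssd[8:]

def session_key(ssdb, r_m, r_n):
    """Assumed derivation: SK depends on SSDB and both sides' random numbers."""
    return kcf(ssdb, b"SK", r_m, r_n)[:16]

def mobile_respond(ssdb, r_n):
    """Mobile picks R_M and returns (R_M, KCF_SK(0, R_N), SK)."""
    r_m = secrets.token_bytes(8)
    sk = session_key(ssdb, r_m, r_n)
    return r_m, kcf(sk, b"\x00", r_n), sk

def network_verify(ssdb, r_n, r_m, code_m):
    """Network checks the mobile's code; returns (KCF_SK(1, R_M), SK) or None."""
    sk = session_key(ssdb, r_m, r_n)
    if not hmac.compare_digest(code_m, kcf(sk, b"\x00", r_n)):
        return None
    return kcf(sk, b"\x01", r_m), sk

def mobile_verify(sk, r_m, code_n):
    """Mobile checks the network's code; the 0/1 byte stops reflection of its own code."""
    return hmac.compare_digest(code_n, kcf(sk, b"\x01", r_m))

def run_exchange(a_key, randssd):
    """Both ends hold the same SSDB; returns True if both codes verify."""
    _, ssdb = derive_ssd(a_key, randssd)
    r_n = secrets.token_bytes(8)  # network's random number
    r_m, code_m, sk_mobile = mobile_respond(ssdb, r_n)
    result = network_verify(ssdb, r_n, r_m, code_m)
    if result is None:
        return False
    code_n, sk_network = result
    return mobile_verify(sk_mobile, r_m, code_n) and sk_mobile == sk_network
```
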
Hayes Gail
Lucent Technologies - Inc.
Seal James