Telecommunications – Radiotelephone system – Zoned or cellular telephone system
Reexamination Certificate
1998-03-09
2001-09-04
Hunter, Daniel (Department: 2749)
C455S410000, C455S411000, C455S414200, C455S415000
active
06285873
ABSTRACT:
BACKGROUND OF THE INVENTION
I. Field of the Invention
The present invention pertains generally to the field of wireless communications, and more particularly to generation of a broadcast challenge value in a cellular base station.
II. Background
The field of wireless communications has many applications including, e.g., cordless telephones, paging, wireless local loops, and satellite communication systems. A particularly important application is cellular telephone systems for mobile subscribers. (As used herein, the term “cellular” systems encompasses both cellular and PCS frequencies.) Various over-the-air interfaces have been developed for such cellular telephone systems including, e.g., frequency division multiple access (FDMA), time division multiple access (TDMA), and code division multiple access (CDMA). In connection therewith, various domestic and international standards have been established including, e.g., Advanced Mobile Phone Service (AMPS), Global System for Mobile (GSM), and Interim Standard 95 (IS-95). In particular, IS-95 and its derivatives, IS-95A, ANSI J-STD-008, etc. (referred to collectively herein as IS-95), are promulgated by the Telecommunication Industry Association (TIA) and other well known standards bodies.
Cellular telephone systems configured in accordance with the use of the IS-95 standard employ CDMA signal processing techniques to provide highly efficient and robust cellular telephone service. An exemplary cellular telephone system configured substantially in accordance with the use of the IS-95 standard is described in U.S. Pat. No. 5,103,459, which is assigned to the assignee of the present invention and fully incorporated herein by reference. The aforesaid patent illustrates transmit, or forward-link, signal processing in a CDMA base station. Exemplary receive, or reverse-link, signal processing in a CDMA base station is described in U.S. application Ser. No. 08/987,172, filed Dec. 9, 1997, entitled MULTICHANNEL DEMODULATOR, which is assigned to the assignee of the present invention and fully incorporated herein by reference. In CDMA systems, power control is a critical issue. An exemplary method of power control in a CDMA system is described in U.S. Pat. No. 5,056,109, which is assigned to the assignee of the present invention and fully incorporated herein by reference.
A primary benefit of using a CDMA over-the-air interface is that communications are conducted over the same RF band. For example, each mobile subscriber unit (typically a cellular telephone) in a given cellular telephone system can communicate with the same base station by transmitting a reverse link signal over the same 1.25 MHz of RF spectrum. Similarly, each base station in such a system can communicate with mobile units by transmitting a forward link signal over another 1.25 MHz of RF spectrum.
Transmitting signals over the same RF spectrum provides various benefits including, e.g., an increase in the frequency reuse of a cellular telephone system and the ability to conduct soft handoff between two or more base stations. Increased frequency reuse allows a greater number of calls to be conducted over a given amount of spectrum. Soft handoff is a robust method of transitioning a mobile unit from the coverage area of two or more base stations that involves simultaneously interfacing with two base stations. (In contrast, hard handoff involves terminating the interface with a first base station before establishing the interface with a second base station.) An exemplary method of performing soft handoff is described in U.S. Pat. No. 5,267,261, which is assigned to the assignee of the present invention and fully incorporated herein by reference.
As understood by those of skill in the art, CDMA technology can be applied to wireless local loop systems and satellite communication systems in addition to cellular systems.
In cellular telephone systems generally, mobile subscriber units, or mobile stations, must be authenticated by the base station prior to being allowed access to services such as telephone connections. Cellular communications standards typically define procedures for authentication of mobile stations using service provided by the cellular infrastructure (base stations and/or base station controllers). Cellular standards published by the TIA provide two methods for authenticating mobile stations. The methods are called the “unique challenge” method and the “broadcast challenge” method. TIA standards using these methods include IS-91 (an AMPS standard), IS-54 (a TDMA standard defining analog control channels), IS-136 (a TDMA standard defining digital control channels), and IS-95.
The unique challenge method is well known to those of skill in the art. Under the unique challenge method, the cellular infrastructure equipment sends a challenge value to a mobile station, and the mobile station sends back a response that is computed from the challenge, the mobile station identifier, and secret data known only to the base station and the legitimate mobile station having the particular identifier. If the response is correct, the cellular infrastructure provides access to services such as telephone connections. The unique challenge has the disadvantage that the time required to complete the challenge-response process can be relatively long and can unduly delay call setup. For this reason, the broadcast challenge method has been included in TIA cellular standards as a means of providing rapid authentication of requests for access to cellular services.
Under the broadcast challenge method, the challenge value (typically denoted “RAND”) is broadcast on cellular control channels. A mobile station that requests access to cellular services uses the broadcast challenge value in computing a response to the challenge, the response being computed using the challenge, the mobile station identifier, and secret information known only to the base station and the mobile station with that identifier. The mobile station includes the response in its request for service.
The broadcast method can be subject to “replay” attacks in which a fraudulent mobile station monitors the communications from legitimate mobile stations and reuses both the identifier for the legitimate mobile station and the response of that station to the broadcast challenge. There exist various known methods for thwarting the replay attack. Nevertheless, a primary conventional means of thwarting replay attacks is to change the broadcast challenge value frequently. If the broadcast challenge value is changed with an update interval comparable to the duration of a typical telephone call, then replay attacks can be thwarted simply by denying accesses that appear to come from the same mobile station while a call is already in progress from that mobile station. At present, the expected duration of a cellular telephone call is approximately one minute.
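The following is an added illustration of the broadcast challenge exchange and the replay countermeasure described above; it is not part of the patent text. HMAC-SHA256 stands in for the response computation, which the page does not specify, and the class, method names, identifier and secret are constructed for the example.

```python
import hashlib
import hmac
import secrets

def auth_response(rand: bytes, msid: str, secret: bytes) -> bytes:
    # Response = f(challenge, mobile station identifier, shared secret).
    # HMAC-SHA256 is an assumed stand-in for the real algorithm.
    return hmac.new(secret, rand + msid.encode(), hashlib.sha256).digest()

class BaseStation:
    def __init__(self, subscribers):
        self.subscribers = subscribers       # msid -> shared secret
        self.rand = secrets.token_bytes(4)   # current broadcast RAND
        self.in_call = set()                 # stations with a call in progress

    def rotate_rand(self):
        new = secrets.token_bytes(4)
        while new == self.rand:              # make sure RAND really changes
            new = secrets.token_bytes(4)
        self.rand = new

    def request_access(self, msid: str, response: bytes) -> str:
        secret = self.subscribers.get(msid)
        if secret is None:
            return "denied: unknown station"
        if msid in self.in_call:             # same station already in a call
            return "denied: call in progress"
        expected = auth_response(self.rand, msid, secret)
        if not hmac.compare_digest(expected, response):
            return "denied: bad response"
        self.in_call.add(msid)
        return "granted"

    def end_call(self, msid: str):
        self.in_call.discard(msid)

def demo():
    secret = b"constructed-shared-secret"    # constructed sample value
    bs = BaseStation({"MS-0001": secret})
    seen = auth_response(bs.rand, "MS-0001", secret)  # legitimate response, sent in the clear
    out = [bs.request_access("MS-0001", seen)]        # legitimate access
    out.append(bs.request_access("MS-0001", seen))    # replay while the call is up
    bs.end_call("MS-0001")
    out.append(bs.request_access("MS-0001", seen))    # call over, RAND stale: replay passes
    bs.end_call("MS-0001")
    bs.rotate_rand()                                  # RAND updated
    out.append(bs.request_access("MS-0001", seen))    # old response no longer matches
    out.append(bs.request_access("MS-0001", auth_response(bs.rand, "MS-0001", secret)))
    return out
```

The third result is the case the paragraph warns about: when RAND outlives the call, the in-progress check no longer covers the replayed response, which is why the update interval has to be comparable to the call duration.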
However, such frequent changes of RAND can be difficult for centrally managed infrastructure equipment because the RAND value is transmitted from a large number of cell sites, and all equipment in all cell sites must be updated in order to change RAND. This places a substantial communication burden on the internal control system of the cellular infrastructure. Additionally, the updating of RAND requires that the mobile station identify which value of RAND was used to compute the response. As the mobile station may have begun its access just as an update of RAND began, it is possible for the mobile station to use the previous value of RAND rather than the updated value. Therefore, it is desirable that the cellular infrastructure not compute and accept responses for all recent values of RAND because the computation of the expected response can be slow, and because this decreases the effectiveness of RAND by increasing the likelihood that a randomly chosen response might succeed.
However, it is desirable to minimize the number of bits that must be sent on the air interface to conserve bandwidth and enhance the robustness of signaling transmission. Therefore, TIA standards for mobile
Hunter Daniel
Qualcomm Incorporated
Rouse Thomas R.
Wadworth Philip R.
Woldetatios Yemane