Cryptography – Cellular telephone cryptographic authentication
Reexamination Certificate
1998-03-24
2001-03-06
Barron, Jr., Gilberto (Department: 2767)
Cryptography
Cellular telephone cryptographic authentication
C455S411000
Reexamination Certificate
active
06198823
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to a method for providing a cellular-phone with expedited call processing and a more secure calling environment, and the present invention relates more specifically to a method for performing the transmission and calculation of messages/data utilized in an authentication procedure over more than one call so that each call proceeds faster and the decoding of the user's unique key through the scanning of any single call is made substantially impossible.
BACKGROUND INFORMATION
In recent years, the use of cellular phones for both personal and business related communication has become more popular. The obvious appeal of wireless service is the portability of the telephone, with users no longer confined to a particular space or address. However, this portability also poses a dilemma for the cellular telephone system provider, which must determine the identity of the individual making or authorizing the call for billing purposes and decide if the individual is a subscriber i.e., determine whether the individual is entitled to make the call at all.
One common way to “authenticate” callers, i.e., verify that they are who they claim to be, is set forth in FIG.
3
. Each subscriber is provided with a unique, secret “key,” which is also maintained in a database record kept by the cellular service provider, i.e., at the cellular service provider station. When a user wishes to make a call from a cellular terminal, i.e., when the user's phone goes off the hook, then in Step
202
, the cellular-service provider transmits a signal representing a random number to the terminal. In Step
203
, the terminal encrypts the random number with the user's unique key and a predetermined algorithm. Then in Step
204
, the encrypted result is transmitted back to the cellular-service provider. There, the same random number is encrypted, again with the user's unique key and the same predetermined algorithm. In Step
206
this encrypted result independently calculated by the cellular service provider is compared with that transmitted from the cellular terminal. If the comparison is a match, the caller is “authenticated” and the call is allowed to proceed. Otherwise, authentication fails, and the user is refused access to the cellular network.
Unfortunately, the above described authentication procedure is not entirely satisfactory. It involves extensive calculation at both the user's terminal and the cellular service provider, as well as a number of transmissions between the two. Since a call is not allowed to proceed until the entire authentication is completed, call processing may be significantly delayed.
In addition, it is relatively simple to scan or monitor cellular phone transactions such as the above-described authentication procedure. Therefore, an unauthorized individual can easily obtain the random number and encrypted response transmitted between the terminal and the cellular service provider. In addition, the predetermined algorithm used in encryption will often be well known in the art, e.g., CAVE algorithm. Thus, the only unknown for the unauthorized individual intending to circumvent the authentication security procedure via scanning is the user's unique key, which unfortunately may be decoded once the random number, encrypted result and ciphering algorithm are known. In fact, unauthorized cellular phone use is not unusual, and has significantly increased the industry's cost of doing business.
Therefore, what is needed is an improved authentication procedure which does not unduly delay call processing and at the same time renders unauthorized cellular use less likely.
SUMMARY OF THE INVENTION
It is an object of the present invention to greatly increase the difficulty of stealing and/or decoding of cellular phone encryption keys.
It is another object of the present invention to prevent fraudulent cellular use occurring as a result of interception of transmission of encryption key data.
It is yet another object of the present invention to provide a user-authentication for cellular-phone use, which method distributes transmission and calculation of messages/data utilized in the authentication method over more than one call.
The present invention achieves the above objects by providing an alternative to the conventional authentication procedure. In accordance with the present invention, when a subscriber signs on for service, the subscriber is provided with a unique key and an initial encrypted number. The initial encrypted number may be stored in the subscriber's terminal. The cellular-service provider's Home Location Register also stores the same unique key and initial encrypted number in a database record associated with the subscriber.
Once these preliminary steps are taken, the following improved authentication procedure according to the present invention may be utilized. When the subscriber's terminal goes off hook, i.e., when the user intends to make or receive calls, the encrypted result stored in the terminal is transmitted to the cellular-service-provider station which compares the result to its own stored encrypted result. If the results match, the call is allowed to proceed. If not, the user is rejected access to the cellular network.
During the call, the cellular-service-provider station transmits a random number to the terminal. The terminal and cellular-service-provider station then independently encrypt the random number with the same ciphering algorithm and user's unique key. The encrypted results are then stored at their respective locations at the terminal and cellular-service-provider station, replacing the encrypted results stored earlier. These encrypted results are in turn used the next time access to the cellular network is desired, i.e., the next time the phone goes off hook. Each subsequent time the phone goes off hook, the authentication procedure is again initiated from the terminal with transmission of its previously stored encrypted result for comparison at the cellular-service-provider station.
As should be clear from the above description, the improved authentication procedure according to the present invention allows call processing to proceed more quickly. The call is allowed to proceed immediately, after transmission of an encrypted result from the terminal and a successful comparison of the encrypted result at the cellular-service-provider station. Call processing is not delayed by the transmission of the random number, or by any calculation at the cellular provider station or the terminal, as these take place after access to the cellular network is already allowed.
In addition, the authentication procedure according to the present invention is an improvement on current practice in that the random number and the encrypted result obtained from that random number are not transmitted during the same call. Rather, for each call attempt, the previously stored encrypted result (obtained from the random number transmitted during the preceding call) and a new, unrelated random number (used to obtain a new encrypted result for a future call) are transmitted. Without both the encrypted result and the random number used to obtain it, it is substantially harder to determine the user's unique key. Furthermore, it would be impossible to decode the user's unique key by scanning just one call. Persons using a scanner to obtain information transmitted between the terminal and cellular-service-provider station would have to scan two distinct calls to have any possibility of decoding the user's key. As these calls may be hours or days apart, the possibility of decryption is significantly reduced.
Further objects and advantages of the present invention will become apparent from a review of the detailed description provided below.
REFERENCES:
patent: 5123047 (1992-06-01), Rosenow
patent: 5237612 (1993-08-01), Raith
patent: 5282250 (1994-01-01), Dent et al.
patent: 5325432 (1994-06-01), Gardeck et al.
patent: 5390252 (1995-02-01), Suzuki et al.
patent
Barron Jr. Gilberto
DSC Telecom L.P.
Kenyon & Kenyon
LandOfFree
Method for improved authentication for cellular phone... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for improved authentication for cellular phone..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for improved authentication for cellular phone... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2506504