Telecommunications – Radiotelephone system – Security or fraud prevention
Reexamination Certificate
1999-01-27
2003-12-16
Appiah, Charles (Department: 2682)
Telecommunications
Radiotelephone system
Security or fraud prevention
C455S410000, C380S247000
Reexamination Certificate
active
06665530
ABSTRACT:
BACKGROUND OF THE INVENTION
I. Field of the Invention
The invention relates generally to wireless communication systems, such as mobile telephone systems. More particularly, the invention relates to authentication procedures in mobile telephone systems.
II. Description of the Related Art
When a telephone company first introduces cellular communications into an area, its primary focus is to establish capacity, coverage, and to enlist new customers. As its network grows, the telephone company expects to make profit from the use of its equipment by its customers. However, cellular telephone fraud and cloning, in particular, can significantly impact the ability to profitably operate the communication: system. Cloning is the duplication of a legitimate subscriber unit to seize the legitimate subscriber unit's identity and thus acquire unauthorized telephone service. Such activities also create problems and substantial inconveniences for system users. According to the Cellular Telecommunications Industry Association (CTIA), the annual global loss in revenues due to cloning has exceeded one billion dollars.
An authentication procedure is now used to combat fraudulent access to mobile telephone service. As used herein, authentication refers to the exchange and processing of stored information to confirm a subscriber unit's identity. The authentication procedure is performed by a network to validate the identity of a standard-compliant phone unit, such as an IS-54B, IS-136, IS-91, or IS-95 standard phone. Typically, the authentication procedure is independent of the air-interface protocol used (i.e., CDMA or TDMA).
FIG. 1
is a pictorial diagram of a typical mobile communication system having one or more mobile stations. A mobile telephone system (MTS)
100
typically includes infrastructure components
112
communicating with a plurality of mobile stations (MS)
120
using radio frequency (RF) channels. The infrastructure components include a base station (BS)
110
, a mobile switching center (MSC)
130
, a home location register (HLR)
150
, an authentication center (AC)
160
, and a visitor location register (VLR)
155
. The BS
110
provides the air interface between the MS
120
and the MSC
130
. The MSC
130
coordinates all communications channels and processes, and provides access for the BS
110
to networks, such as a public switched telephone network (PSTN)
140
. The HLR
150
contains a subscriber database
152
. The subscriber database
152
maintains each subscriber's mobile identification number (MIN) and electronic serial number (ESN). The MIN and ESN, taken together, uniquely identify each MS.
Typically, the MSC
130
also includes the visitor location register (VLR)
155
. However, the VLR
155
may be a separate component of the system. The VLR
155
contains a local, temporary subscriber database
157
similar to the permanent subscriber database in the HLR
150
. The information from the HLR
150
and the VLR
155
are used to authorize system access and to authorize billing to a particular billing account. The MSC
130
also interfaces with the AC
160
through the HLR
150
.
The VLR
155
and MS
120
each have access to at least three pieces of information that make up the data used for authentication: the MIN of the mobile, the ESN of the mobile, and a shared secret data (SSD-A) associated with the mobile. The SSD-A is typically derived from an authentication key (A-Key). Each MIN and associated ESN represent a unique combination that may be used to identify a particular legitimate subscriber. The A-Key is a secret value that is unique to each individual subscription. For example, the A-Key may be a 64-bit cryptographic variable key stored in the memory of the MS
120
. The A-Key may, for example, be entered once from the keypad of the MS
120
when the mobile station is first put into service to serve a particular subscriber. The A-Key typically remains unchanged unless its value has been compromised. The MIN and ESN may be transmitted over the air, but the A-Key may not be transmitted over the air.
In North American systems, authentication of an MS utilizes a process commonly referred to as the “CAVE” (cellular authentication and voice encryption) algorithm. The CAVE algorithm is a software-compatible non-linear mixing function having a 32-bit linear-feedback shift register (LFSR), sixteen 8-bit mixing registers, and a 256-entry lookup table. For further details on the CAVE algorithm refer to Common Cryptographic Algorithms cellular standard. Authentication requires both the MS
120
and the infrastructure components
112
of the system to execute the CAVE algorithm with a common set of data to generate an authentication signature. If the authentication signature generated by the MS
120
matches the authentication signature generated by the infrastructure components, then the identity of the MS
120
is authenticated and access to telephone service is granted. Otherwise, the attempt by the MS
120
to access the network is rejected.
The authentication can be performed by either a unique challenge or a broadcast challenge. In a unique challenge, a “RAND” is transmitted to a MS
120
that requests access to the system. The RAND is typically a randomly-generated value used in the authentication process. The RAND for a unique challenge is typically a 24-bit digital value. The MS
120
receives the RAND and executes the CAVE algorithm using the received RAND, the SSD-A, and other data to calculate an authentication signature. The authentication signature is typically an 18-bit digital value. The MS
120
transmits the RAND and the calculated authentication signature to the infrastructure components
112
. The infrastructure components
112
similarly use the CAVE algorithm to calculate an authentication signature based upon the stored values for the SSD-A, the MIN, and the ESN. If the authentication signature received from the MS
120
matches the authentication signature calculated independently by the infrastructure components
112
, then the MS
120
is granted access to service. Otherwise, the MS
120
is denied access to service.
In contrast, in a broadcast challenge, the infrastructure components broadcast a RAND to all MSs
120
on a dedicated broadcast channel (e.g., a cellular paging channel) rather than sending a RAND only to one MS
120
that has requested access. The broadcast challenge is sometimes referred to as the “global challenge.” Typically, a new RAND will be generated and transmitted from time to time. When an MS
120
requests access to service, the MS
120
computes the authentication signature based on, the most recently broadcast RAND prior to any communication with the infrastructure components
112
. In one example, the MS
120
transmits the
8
most significant bits of the RAND and the computed authentication signature to the infrastructure components
112
for verification. Since the infrastructure components
112
send the authentication signature together with the request for services, verification of the authentication signature can begin immediately upon the MS
120
requesting access to service, thereby minimizing delay in call processing.
While broadcast challenges result in faster ;call setup than unique challenges, clone telephones, or other fraudulent intruders have been able to gain unauthorized access to the system by a method commonly known as “replay attacks”. A replay attack allows an intruder to appear to be a legitimate subscriber. As a result, the intruder can make calls that are billed to the legitimate subscriber. In accordance with a replay attack, an intruder monitors the information that is transmitted between an authorized MS
120
and the infrastructure components
112
. The intruder stores the RAND and authorization signature transmitted by the authorized MS
120
to the infrastructure components
112
. When the call ends, the intruder transmits a request for service containing the same RAND and authorization signature as sent previously by the legitimate subscriber. If the RAND has not chan
Broyles Samuel K.
Quick, Jr. Roy Franklin
Appiah Charles
Brown Charles
Macek Kyong
Qualcomm Incorporated
Wadsworth Philip
LandOfFree
System and method for preventing replay attacks in wireless... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for preventing replay attacks in wireless..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for preventing replay attacks in wireless... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3184481