USH1918HExpiredUtility

Integrated authentication center and method for authentication in a wireless telecommunications network

70
Assignee: DSC CELCORE INCPriority: Sep 26, 1997Filed: Feb 19, 1998Granted: Nov 7, 2000
Est. expirySep 26, 2017(expired)· nominal 20-yr term from priority
H04Q 2213/13034H04Q 2213/13093H04Q 2213/13031H04Q 2213/1316H04Q 2213/13204H04Q 2213/1305H04Q 2213/13299H04Q 2213/13107H04Q 2213/13162H04Q 3/54558H04Q 2213/13095H04W 24/00H04Q 2213/13396H04Q 2213/1336H04Q 2213/13209H04Q 2213/13167H04Q 2213/13166H04Q 3/5455H04Q 2213/13349H04Q 2213/13109H04Q 2213/13103H04Q 2213/13176H04Q 2213/13098H04Q 2213/13292H04Q 11/0414H04W 24/04H04Q 2213/13106G06F 9/542H04W 12/062
70
PatentIndex Score
38
Cited by
28
References
37
Claims

Abstract

In one aspect of the present invention, an integrated authentication center is provided that may be used in an exemplary integrated wireless telecommunications system (14). The integrated authentication center includes an application process, such as a call processing application (54), that includes a plurality of software objects such as a home location register (44) and an authentication center (42). The home location register (44) is implemented in one of the plurality of software objects of the application process and initiates the generation of an authentication set, such as authentication triplets. The authentication center (42) is also implemented in one of the plurality of software objects of the application process and generates the authentication set in response to the home location register (44).

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. An integrated authentication center for use in a wireless telecommunications network comprising: an application process comprised of a plurality of software objects;   a home location register implemented in one or more of the plurality of software objects of the application process and operable to initiate the generation of an authentication set; and   an authentication center implemented in one or more of the plurality of software objects of the application process and operable to generate the authentication set in response to the home location register.   
     
     
       2. The integrated authentication center of claim 1, wherein the home location register and the authentication center are implemented in the same one of the plurality of software objects of the application process. 
     
     
       3. The integrated authentication center of claim 2, wherein the home location register initiates the generation of the authentication set by invoking a procedure in the authentication center. 
     
     
       4. The integrated authentication center of claim 1, wherein the authentication set includes a random number and a network signed response. 
     
     
       5. The integrated authentication center of claim 1, wherein the authentication center stores a unique Ki for each associated subscriber. 
     
     
       6. The integrated authentication center of claim 5, wherein the authentication center generates a random number and uses the random number and the Ki as inputs to an A-3 algorithm to generate a signed response. 
     
     
       7. The integrated authentication center of claim 5, wherein the authentication center generates a random number and uses the random number and the Ki as inputs to an A-8 algorithm to generate a Kc. 
     
     
       8. The integrated authentication center of claim 1, wherein the home location register software object initiates the generation of the authentication set by invoking a procedure in the authentication center software object. 
     
     
       9. The integrated authentication center of claim 1, wherein the home location register is further operable to store Mobile Subscriber Integrated Services Digital Network information and International Mobile Subscriber Identity information. 
     
     
       10. The integrated authentication center of claim 1, wherein the application process is implemented as part of a call processor of a wireless telecommunications switch. 
     
     
       11. The integrated authentication center of claim 1, wherein the integrated authentication center is implemented as part of a Global System for Mobile Communications network. 
     
     
       12. The integrated authentication center of claim 1, wherein the integrated authentication center is implemented as part of a wireless telecommunications network that includes Code Division Multiple Access technology. 
     
     
       13. The integrated authentication center of claim 1, wherein the integrated authentication center is implemented as part of a wireless telecommunications network that includes Time Division Multiple Access technology. 
     
     
       14. A wireless telecommunications switch having an integrated authentication center, the wireless telecommunications switch comprising: an application process comprised of a plurality of software objects;   a mobile switching center implemented in one of the plurality of software objects of the application process and operable to control the switching of calls;   a base station controller implemented in one of the plurality of software objects of the application process and operable to manage the radio resources for one or more base station transceivers;   a home location register implemented in one of the plurality of software objects of the application process and operable to initiate the generation of an authentication set; and   an authentication center implemented in one of the plurality of software objects of the application process and operable to generate the authentication set in response to the home location register.   
     
     
       15. The wireless telecommunications switch of claim 14, further comprising: a visitor location register implemented in one of the plurality of software objects of the application process and operable to store information on local subscriber units.   
     
     
       16. The wireless telecommunications switch of claim 15, wherein the mobile switching center and the visitor location register are implemented in the same software object of the application process. 
     
     
       17. A method for authentication in a wireless telecommunications network comprising the steps of: receiving a request from a subscriber for service;   requesting approval from a home location register to provide service to the subscriber;   initiating the generation of an authentication set by an authentication center using a procedure, wherein the home location register and the authentication center are integrated in one or more software objects of an application process;   generating the authentication set; and   communicating a subset of the authentication set to the subscriber.   
     
     
       18. The method of claim 17, further comprising the steps of: generating subscriber authentication information at the subscriber in response to the communicating a subset of the authentication set step;   communicating the subscriber authentication information to the wireless telecommunications network; and   comparing the subscriber authentication information to information provided in the authentication set.   
     
     
       19. The method of claim 18, wherein the authentication set includes a random number and a network signed response, and the subset of the authentication set includes the random number. 
     
     
       20. The method of claim 19, wherein the generating subscriber authentication information step includes using the random number as an input to an A-3 algorithm to generate a subscriber signed response as an output. 
     
     
       21. The method of claim 20, wherein the comparing the subscriber authentication information step includes determining if the subscriber signed response is equivalent to the network signed response. 
     
     
       22. The method of claim 18, wherein the authentication set includes a random number, a network generated signed response and a network generated Kc, and the subset of the authentication set includes the random number. 
     
     
       23. The method of claim 22, wherein the authentication center and the subscriber store a Ki value, and wherein the generating the authentication step and the generating subscriber authentication information step includes using the random number and the Ki value as inputs to an A-3 algorithm to generate the network generated signed response and a subscriber generated signed response as an output, and using the random number and the Ki value as inputs to an A-8 algorithm to generate the network generated Kc and a subscriber generated Kc as an output. 
     
     
       24. The method of claim 23, wherein the comparing the subscriber authentication information step includes determining if the subscriber signed response is equivalent to the network signed response. 
     
     
       25. The method of claim 17, wherein the generating the authentication set step includes generating a random number, a network generated signed response and a network generated Kc. 
     
     
       26. The method of claim 17, wherein the authentication center and the subscriber store a Ki value. 
     
     
       27. The method of claim 17, wherein the wireless telecommunications network is a Global System for Mobile Communications network. 
     
     
       28. The method of claim 17, wherein the authentication set includes a signed response and a random number generated by the authentication center. 
     
     
       29. The method of claim 17, wherein the initiating the generation of an authentication set step includes using the home location register software object to invoke the procedure provided in the authentication center software object to generate the authentication set. 
     
     
       30. The method of claim 17, wherein the authentication center software object is embedded in the same software object as the home location register. 
     
     
       31. The method of claim 17, wherein the initiating the generation of an authentication set step includes sending the subscriber's Ki to the authentication center. 
     
     
       32. The method of claim 17, wherein the initiating the generation of an authentication set step includes sending an algorithm version number to the authentication center. 
     
     
       33. The method of claim 17, wherein the authentication center is operable to store multiple algorithm versions. 
     
     
       34. The method of claim 17, wherein the authentication center and the home location register communicate using inter-object communications. 
     
     
       35. The method of claim 17, wherein the authentication center and the home location register communicate using intra-object communications. 
     
     
       36. The method of claim 17, wherein the authentication center and the home location register are implemented as software objects and the authentication center is embedded in the home location center object. 
     
     
       37. The method of claim 17, wherein a unique Ki for each associated subscriber is stored in a database of the home location register.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.