CA2063447C - Method for authentication and protection of subscribers in telecommunication systems - Google Patents
Method for authentication and protection of subscribers in telecommunication systemsInfo
- Publication number
- CA2063447C CA2063447C CA002063447A CA2063447A CA2063447C CA 2063447 C CA2063447 C CA 2063447C CA 002063447 A CA002063447 A CA 002063447A CA 2063447 A CA2063447 A CA 2063447A CA 2063447 C CA2063447 C CA 2063447C
- Authority
- CA
- Canada
- Prior art keywords
- communication unit
- unit
- subscriber
- modified
- arbitrary value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/126—Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Radio frequency based cellular telecommunication systems often require a subscriber to maintain a proprietary identifier or serial number which is transmitted to a fixed network communi-cation unit to verify the authenticity of the subscriber. Unauthorized detection of these proprietary ID's is substantially decreased by this invention. This invention describes an enciphering method and call sequencing method which when combined, provides substantial protection for the sub-scriber against unauthorized detection of their proprietary identifiers.
Description
WO 9~/01067 2~ 7 PCIJUS90/0329 METHOD FOR AUTHENTICATION AND PROTECTION OF
SUBSCRIBERS IN TELECOMMUNICATION
SYSTEMS.
TECHNICAL FIEL~
This invention relates generally to communication systems and more particularly to radio frequency (RF) cellular s telecommunicat!on systems.
BACKGROUND OF THE INVENTION
Cellular radio telephone systems typicaily include subscriber units (such as mobile or portable units) which communicate with a fixed network communication unit via RF
transmissions. A typical fixed communication network includes at least a base station and a switching center. One responsibility of the fixed network communication unit is to grant use of the communication system to the subscriber unit after the requesting subscriber unit meets the authentication requirements of the system. In a typical cellular teiephone communication system, each subscriber unit is assigned a telephone number (mobile identification number) (MIN) and an 20 identification number (or serial number) (SN) which uniquely identifies the subscriber to any fixed network communication unit. Each subscriber unit has a unique identification number that distinguishes it from other subscriber units. The fixed network communication unit has access to these identification 2s numbers through a database. Often these numbers are used by the fixed network communication units to bill subscribers for the time the subscriber uses the system. When the subscriber calls another unit, he enters the phone number he wishes to call. The dialed phone number becomes the data to be sent to WO 91~01067 ~ ~ `PCI/US90/03290 the fixed network communication unit. Data ~ay also include other information regarding a third communication unit such as a unit's location.
Detection of a legitimate subscriber's identificatior~
s number may be acc~mplished by RF eavesdropping or by purposeful or inadvertent divulgence of the MIN/SN
combination by the radio telephone installer. Once the subscriber's telephone number and identification number is known (stolen), a thief may reprogram another subscriber unit with the stolen identification number causing two or more subscriber units to have the same MIN/SN combination.
Cellular radio telephone systems have authentication procedures to deny access to subscribers not having legitimate identification numbers, but do not have the capability to ~detect multiple users or effectively neutralize the effect of an installer leaking subscriber identification numbers.
Therefore, the legitimate user is billed for both the thief's use and his own use.
Several authentication techniques are known. EIA-553 20 section 2.3 specifies that each subscriber shall have a MIN and a factory set SN. The telephone number which the subscriber is attempting to contact is the data that is transmitted by the~
subscriber to the fixed network communication unit.
Authentication is granted by this system if the MIN and 2s corresporiding SN are found in the fixed network communication unit database. Unfortunately, EIA-553 does not require the encipherment of the MIN or SN before transmission to the fixed network communication unit thereby permitting direct RF detection of any MIN or SN. In addition, this 30 ~ technique fails to provide protection against a thief that - acquires a MIN/SN from an installer.
Another authentication technique is described in European cellular communication system recommendations generated by the Groupe Special Mobile (GSM); see sections:
WO 91/01067 ~ PCT/US90103290 ~ 9 7 02.09, 02.17, 03.20, and 12.03. This method additionally requires the subscriber to openly transmit a temporary mobile subscriber ID (TMSI) to the fixed network communication unit;
the fixed network communication unit generates and sends a s random number (RAND) to the subscriber. The enciphering technique requires the subscriber unit to autonomously retrieve at least three enciphering elements from its memory:
a predetermined ciphering key, an SN (individual subscriber authentication key) and a MIN (international mobile subscriber identification number - IMSI). The subscriber then enciphers its SN and MIN using the cipher to construct the RAND into a signed response (SRES). The subscriber unit transmits this signed response back to the fixed network communication unit where the fixed network communication unit checks the SN, MIN, and ciphering key against its database using the subscriber's temporary ID (TMSI).
The fixed network communication unit generates its response to the same random number using the information retrieved from the database and compares the subscriber 20 signed response to the fixed network communication unit generated response. If the responses are substantially equivalent, authentication is confirmed. The dialed telephone number is only allowed to be transmitted after authentication is granted. This system affords some protection against a 2s thief that acquires the MIN/SN from an installer by enciphering the SN and reassigning a temporary TMSI each time the subscriber enters a different cell area.
Although one technique enciphers the subscriber's serial number before transmission, neither system detects multiple 30 users. Detection of thieves once they acquire access is important to maintaining a secure system. Moreover, the random number transmission (required for encipherment) necessitates additional communication between the subscriber unit and the fixed network communication unit each time a call .
wo 91/01067 Pcr/~sso/032so - ~ 4 is made which increases the probability of transmission error and adds a transmission step to the fixed network communication unit's authentication protocol routine. In addition, authenticàtion must be verified before the system s will allow data to be accepted. Therefore data must be sent after the steps of the authentication procedure are complete.
There exists a need for a substantially enhanced authentication technique for a cellular telecommunication system that detects fraudulent users and efficiently protects identification numbers from unauthorized detection. The authentication method should restrict an illegitimate use!'s capacity to utilize the system in the case where access is inadvertently granted. Further, an adequate level of security resulting from encipherment should not require additional _ transmission processes or inject higher error levels during the authenticaticn process.
, . ~= ERIEF SUMMARY OF THE INVENTION
These needs and others are substantially met through provision of the method for authentication and protection of subscribers in telecommunication systems disclosed below.
SUBSCRIBERS IN TELECOMMUNICATION
SYSTEMS.
TECHNICAL FIEL~
This invention relates generally to communication systems and more particularly to radio frequency (RF) cellular s telecommunicat!on systems.
BACKGROUND OF THE INVENTION
Cellular radio telephone systems typicaily include subscriber units (such as mobile or portable units) which communicate with a fixed network communication unit via RF
transmissions. A typical fixed communication network includes at least a base station and a switching center. One responsibility of the fixed network communication unit is to grant use of the communication system to the subscriber unit after the requesting subscriber unit meets the authentication requirements of the system. In a typical cellular teiephone communication system, each subscriber unit is assigned a telephone number (mobile identification number) (MIN) and an 20 identification number (or serial number) (SN) which uniquely identifies the subscriber to any fixed network communication unit. Each subscriber unit has a unique identification number that distinguishes it from other subscriber units. The fixed network communication unit has access to these identification 2s numbers through a database. Often these numbers are used by the fixed network communication units to bill subscribers for the time the subscriber uses the system. When the subscriber calls another unit, he enters the phone number he wishes to call. The dialed phone number becomes the data to be sent to WO 91~01067 ~ ~ `PCI/US90/03290 the fixed network communication unit. Data ~ay also include other information regarding a third communication unit such as a unit's location.
Detection of a legitimate subscriber's identificatior~
s number may be acc~mplished by RF eavesdropping or by purposeful or inadvertent divulgence of the MIN/SN
combination by the radio telephone installer. Once the subscriber's telephone number and identification number is known (stolen), a thief may reprogram another subscriber unit with the stolen identification number causing two or more subscriber units to have the same MIN/SN combination.
Cellular radio telephone systems have authentication procedures to deny access to subscribers not having legitimate identification numbers, but do not have the capability to ~detect multiple users or effectively neutralize the effect of an installer leaking subscriber identification numbers.
Therefore, the legitimate user is billed for both the thief's use and his own use.
Several authentication techniques are known. EIA-553 20 section 2.3 specifies that each subscriber shall have a MIN and a factory set SN. The telephone number which the subscriber is attempting to contact is the data that is transmitted by the~
subscriber to the fixed network communication unit.
Authentication is granted by this system if the MIN and 2s corresporiding SN are found in the fixed network communication unit database. Unfortunately, EIA-553 does not require the encipherment of the MIN or SN before transmission to the fixed network communication unit thereby permitting direct RF detection of any MIN or SN. In addition, this 30 ~ technique fails to provide protection against a thief that - acquires a MIN/SN from an installer.
Another authentication technique is described in European cellular communication system recommendations generated by the Groupe Special Mobile (GSM); see sections:
WO 91/01067 ~ PCT/US90103290 ~ 9 7 02.09, 02.17, 03.20, and 12.03. This method additionally requires the subscriber to openly transmit a temporary mobile subscriber ID (TMSI) to the fixed network communication unit;
the fixed network communication unit generates and sends a s random number (RAND) to the subscriber. The enciphering technique requires the subscriber unit to autonomously retrieve at least three enciphering elements from its memory:
a predetermined ciphering key, an SN (individual subscriber authentication key) and a MIN (international mobile subscriber identification number - IMSI). The subscriber then enciphers its SN and MIN using the cipher to construct the RAND into a signed response (SRES). The subscriber unit transmits this signed response back to the fixed network communication unit where the fixed network communication unit checks the SN, MIN, and ciphering key against its database using the subscriber's temporary ID (TMSI).
The fixed network communication unit generates its response to the same random number using the information retrieved from the database and compares the subscriber 20 signed response to the fixed network communication unit generated response. If the responses are substantially equivalent, authentication is confirmed. The dialed telephone number is only allowed to be transmitted after authentication is granted. This system affords some protection against a 2s thief that acquires the MIN/SN from an installer by enciphering the SN and reassigning a temporary TMSI each time the subscriber enters a different cell area.
Although one technique enciphers the subscriber's serial number before transmission, neither system detects multiple 30 users. Detection of thieves once they acquire access is important to maintaining a secure system. Moreover, the random number transmission (required for encipherment) necessitates additional communication between the subscriber unit and the fixed network communication unit each time a call .
wo 91/01067 Pcr/~sso/032so - ~ 4 is made which increases the probability of transmission error and adds a transmission step to the fixed network communication unit's authentication protocol routine. In addition, authenticàtion must be verified before the system s will allow data to be accepted. Therefore data must be sent after the steps of the authentication procedure are complete.
There exists a need for a substantially enhanced authentication technique for a cellular telecommunication system that detects fraudulent users and efficiently protects identification numbers from unauthorized detection. The authentication method should restrict an illegitimate use!'s capacity to utilize the system in the case where access is inadvertently granted. Further, an adequate level of security resulting from encipherment should not require additional _ transmission processes or inject higher error levels during the authenticaticn process.
, . ~= ERIEF SUMMARY OF THE INVENTION
These needs and others are substantially met through provision of the method for authentication and protection of subscribers in telecommunication systems disclosed below.
2~ This method describes an authentication technique for use between a first communication unit, such as a subscriber unit, and a second communication unit, such as a fixed network communication unit, wherein the first cornmunication unit modifies an ID, known to both the first communication unit and 30 the second communication unlt (such as a serial number), using data as one enciphering key and a second ID (such as a Personal Identification Number - PIN) as the other enciphering key. An historic non-arbitrary valu~ of predetermined communication events, such as a count of the number of telephone calls made . .
.
wo 91/01067 Pcr/lJsso/o32so ~ 2~ 4~ ~
by a subscriber, is maintained in both the first and second communication units. This value (count) is historic because it represents past telephone calls attributed to a communication unit, and it is non-arbitrary because this history of s transactions (i.e., number of calls made) serves to identify an out-of-sync communication unit.
The first communication unit transmits (via RF signals) the modified ID and count to a second communication unit. The second communication unit compares the count maintained by o the first communication unit to the count maintained by the second unit. A count discrepancy indicates a different number of calls on one unit indicating a multiple user whose count is out of sequence. The second communication unit performs the same enciphering method on the known serial number using the data received and a known second ID. The second communication unit compares the received modified serial number and the serial number generated by the fixed network communication unit to determine if the serial number is valid.
The invention is designed to substantially decrease 20 unauthorized use of a first ID of a communication unit. The authentication method does not require the second ID to ever be transmitted by RF.
This invention provides a means for detecting multiple subscribers using the same serial numbers and telephone 25 numbers. Moreover, if a multiple user copies the information transmitted and uses the same information to access the system, the multiple user will be limited to only calling the telephone number that is in the authentication message; not a telephone number of his own choice. This authentication 30 invention also reduces authentication errors by making more efficient use of the data transmitted and a second ID, by using them as a part of the cipher; the enciphering means does not require an additional RAND stream to be sent by a fixed network communication unit to be used as the common WO 91/01067 $~ PCI/US90/03290 enciphering base and thereby eliminates this additional transmission and therefore decreases the probability of errors.
BRIEF DESCRIPTION OFTHE DRAWINGS
s : : ~
FIG. 1 is a block dia3ram of a typical subscriber communication unit and fixed network communication unit.
FIG. 2 is a fiow chart of the identification enciphering method used by a subscriber communication unit.
FIG. 3 is a flow chart of the authentication~ method used by a fixed network communication unit in accordance with the invention .
BEST MODE OF OPERATIO~i FIG. 1 generally depicts a subscriber communication unit (10) such as a subscriber telephone and a fixed network communication unit (20) such as a cellular telephone basesite and switching center. The subscriber communication unit (10) is comprised of a microprocessing stage (12), a non-volatile memory unit (11), a radio frequency (RF) sta~e (13), all as well understood in the art. Additional elements include a data input stage (14~ such as a key entry pad on a telephone (to enter a :telephone number - data), a subscriber call sequence counter 2s -(15), and an output from an enciphering stage referrèd to as the enciphered serial number (16).
Within the non-volatile memory unit (11 ) resides the serial number (18) (for the subscriber unit), the PIN (19), and the subscriber telephone number (17) (which can have, for 30 example, characteristics of a Mobile Identification Number (MIN)). The PIN is a second ID known only to the subscriber unit and the fixed network unit. For example, it should not be available to an installer of the subscriber unit, it ~hould only be available to a legitimate user of a subscriber unit and a U'O 9~/01067 pr~r/usso/o329o ~ 0 6 3 ~ 4 7 _ ~
fixed network communication unit database. The subscriber need only enter the PIN one time to activate it. The PIN may be changed by the subscriber, but the change must also be made known to the fixed network unit. These identifiers need not s necessarily be numbers but may correspond to any attribute capable of being identified by the fixed network communications unit. An alternative embodiment, for examp~e, in a cellular system, may include a stored look up table containing multiple sets of serial numbers, PlN`s, and telephone numbers with each set of identifiers corresponding to a specific cellular area or fixed network communication u n it .
The fixed network communication unit (20) includes a switching center which is comprised of a microprocessing stage (22), a database (23), and a link to a basesite radio frequency stage (21), all as well understood in the art.
Additional elements include a fixed network unit call sequence counter (24) and an enciphered serial number generated by the fixed network unit (2~).
The database includes information regarding the subscriber unit's: serial number (28), PIN (27), and subscriber telephone number (26); the information includes a stored copy of the serial number (28), PIN (27), and the subscriber telephone number (26). The serial number (18), PIN (19), and telephone number (17) of the subscriber communication unit (10) correspond to the serial number (28), PIN (27), and telephone number (26) as stored in the fixed network communication unit (20). Communication between the subscriber communication unit (10) and the fixed network communicafion unit (20) is accomplished via RF transmissions between the two units in accordance with well understood cellular system techniques.
When authentication i~ required of the subscriber communication unit (10), the subscriber unit enciphers its } ~ `2~634~47 - ` . ~ = 8 serial number (18) and increments its call sequence counter (15). FIG. 2 depicts the method used by a subscriber communication unit to encipher its serial number before transmission to a fixed network communication unit during an s authentication request (29). This method requires use of two enciphering keys. The subscriber unit obtains the called telephone number (data) (30) and obtains PIN (31) from memory and uses at least parts of these two components as the enciphering keys to encipher its serial number (32). If PIN
and the called telephone number are comprised of bits, the parts of these keys to be used are the conterlts of the bits and the bit length of each key. For example, an enciphered serial number may have a different bit length than the unenciphered serial number, or unmodified first ID, depending on the contents pf the PIN or the data. Varying the enciphered SN bit length may also be a function of another event known to both the subscriber and fixed network unit such as the time of day.
The algorithm to integrate the two enciphering keys may be varied to accommodate various levels of security depending 20~ upon the requirement of the system. The subscriber identification enciphering method does not require authentication to be confirmed by the fixed network communication unit before data is transmitted. Combining PIN
with data adds the ability of the system to encipher a serial 2s number into a complex code to an extent sufficient to substantially eliminate unauthorized detection by RF
eavesdropping and unauthorized divulgence by installers.
The modified serial number (enciphered SN) becomes a component of the Authentication Request Message (ARM) (35) 30 that is transmitted via RF (36) to the fixed network communication unit. Once encipherment is complete, the assigned telephone number is obtained (33) from memory. This number is not enciphered as part of the authentication procedure. This identifier is a -omponent of the ARM (35) that .
WO 91/OtO67 PCI~US90103290 2~6~3447 - ~
informs the fixed network unit that the authentication request is coming from a valid subscriber unit.
- The call sequence count is then obtained (34) and also used in the ARM (35). The call sequence count is updated s (incremented or decremented) each time a predetermined event occurs such as when the authentication procedure is initiated or a call is completed. The count may be maintained by the subscriber and fixed network unit usin~ a rollover type counter such as a ring counter. This count is used by the fixed network communication unit as a means to count the number of calls made by each subscriber. Because a record of the number of calls made by each subscriber is maintained by both the subscriber unit and the fixed network communication unit, another subscriber trying to use the same serial number will be detected because it will not have made the exact same number of calls as the legitimate subscriber. The call sequence count information is communicated to the fixed network unit as one component of the Authentication Request Message. The ARM can be communicated in any acceptable 20 format or in any number of stages. Components of a typical ARM (35) include data, the enciphered serial number, the call sequence count, and the assigned telephone number. An alternative embodiment would include modifying the call sequence count using the same enciphering method that is used 2s to modify the SN. This would further enhance the protection because the count is also disguised using the PIN and data;
each subscriber would generate a different value for the same count (number of calls made).
A fixed network communication unit receives a 30 transmitted ARM and uses this information to determine whether authentication should be granted to the subscriber unit. FIG. 3 depicts the authentication method performed by a fixed network unit. The ARM is received (37) by the fixed network unit by means of the base RF unit (21). The fixed WO 91/01067 : PCI/US90/03290 ~ b3447 network unit has access to assigned telephone number's, serial number's and PlN's of valid subscriber units through its database. The fixed network unit determines if the assigned telephone number received in the ARM is valid (39) by s obtaining from the fixed network unit database the same assigned telephone number (38). A comparison is made ~etween the received telephone number from the subscriber unit and the valid number found in the database (39). If the assigned telephone number is not recognized by the fixed network unit, authentication is denied (or some other action taken) (4û).
If the assigned telephone number is determined to be valid (it is found in the database), the fixed network unit then retrieves from the database the serial number and PIN
. corresponding to that particular assigned telephone number.
The fixed network unit then, uses the PIN from the database and the data received in the ARM as enciphering keys as elements of its enciphering method (44), which is the same method used in the subscriber unit, and generates its own 20 enciphered serial number. The fixed network unit compares this enciphered serial number to the serial number enciphered by the subscriber unit(46). If they are not substantially the same, then the system denies access or takes some other predetermined course of action (47). If they are within the 2s acceptable tolerance, the received call sequence count is obtained (48) and compared (50) to the call count maintained by the fixed network communication unit (49). If the counts are substantially equal, authentication may be confirmed (~2) which is the first predetermined course of action. At this 30 point, the subscriber may be allowed to communicate with the third communication unit associated with the dialed number.
This third unit may more generally be termed a requested communication resource. If thP count is not within the acceptable tolerance, authentication may be denied or the Wo 91/01067 P~lussolo3~so authorities may be notified that a multiple user is attempting to access the system (51).
The fixed network unit call counter maintains the number of times authentication is granted to a subscriber. Each s subscriber has its own call counter. Having z continuous call counting scheme between a subscriber and a fixed network communication unit preYents another subscriber from using some other subscriber's identification number because the thief would not have made the identical number of calls that the legitimate subscriber made. This discrepancy is flagged by the fixed network unit when it compares the two counts.
Protection against illegitimate users is further enhanced by the encipherment method's use of the enciphered dialed telephone number and the PiN (which is not transmined).
Without an illegitimate user knowing a subscriber's PIN and the exact algorithm that enciphers the serial number, a thief is limited to merely copying the authentication message of a subscriber and repeating this message. Each time a subscriber dials a different telephone number, a different authentication 20 request message is ~enerated because each subscriber has a different PIN; each subscriber ~enerates a different authentication request message for the same telephone number.
Although a thief may detect the call sequence count 25 (because it is not enciphered in the ARM) and update it, a correct count would only allow the thief to gain authentication for the enciphered dialed telephone number he intercepted.
Therefore the illegitimate user can only communicate to the subscriber whose enciphered telephone number matches that 30 copied from the ARM.
An alternative embodiment comprising the call sequence count may allow each subscriber to maintain more than one call counter where a separate cail counter is required for each fixed network communication unit. This embodiment would ?.~63~ ~ 12 find use in a cellular communication system which allowed a subscriber to use multiple fixed network commun~cation units.
Another alternative embodiment to the flow in FIG. 3 may require the step of comparing the call sequence counts (50) to s occur before the step involving the comparison of enciphered s~sr~ um~ers ~6)~
/ ~
.
.
wo 91/01067 Pcr/lJsso/o32so ~ 2~ 4~ ~
by a subscriber, is maintained in both the first and second communication units. This value (count) is historic because it represents past telephone calls attributed to a communication unit, and it is non-arbitrary because this history of s transactions (i.e., number of calls made) serves to identify an out-of-sync communication unit.
The first communication unit transmits (via RF signals) the modified ID and count to a second communication unit. The second communication unit compares the count maintained by o the first communication unit to the count maintained by the second unit. A count discrepancy indicates a different number of calls on one unit indicating a multiple user whose count is out of sequence. The second communication unit performs the same enciphering method on the known serial number using the data received and a known second ID. The second communication unit compares the received modified serial number and the serial number generated by the fixed network communication unit to determine if the serial number is valid.
The invention is designed to substantially decrease 20 unauthorized use of a first ID of a communication unit. The authentication method does not require the second ID to ever be transmitted by RF.
This invention provides a means for detecting multiple subscribers using the same serial numbers and telephone 25 numbers. Moreover, if a multiple user copies the information transmitted and uses the same information to access the system, the multiple user will be limited to only calling the telephone number that is in the authentication message; not a telephone number of his own choice. This authentication 30 invention also reduces authentication errors by making more efficient use of the data transmitted and a second ID, by using them as a part of the cipher; the enciphering means does not require an additional RAND stream to be sent by a fixed network communication unit to be used as the common WO 91/01067 $~ PCI/US90/03290 enciphering base and thereby eliminates this additional transmission and therefore decreases the probability of errors.
BRIEF DESCRIPTION OFTHE DRAWINGS
s : : ~
FIG. 1 is a block dia3ram of a typical subscriber communication unit and fixed network communication unit.
FIG. 2 is a fiow chart of the identification enciphering method used by a subscriber communication unit.
FIG. 3 is a flow chart of the authentication~ method used by a fixed network communication unit in accordance with the invention .
BEST MODE OF OPERATIO~i FIG. 1 generally depicts a subscriber communication unit (10) such as a subscriber telephone and a fixed network communication unit (20) such as a cellular telephone basesite and switching center. The subscriber communication unit (10) is comprised of a microprocessing stage (12), a non-volatile memory unit (11), a radio frequency (RF) sta~e (13), all as well understood in the art. Additional elements include a data input stage (14~ such as a key entry pad on a telephone (to enter a :telephone number - data), a subscriber call sequence counter 2s -(15), and an output from an enciphering stage referrèd to as the enciphered serial number (16).
Within the non-volatile memory unit (11 ) resides the serial number (18) (for the subscriber unit), the PIN (19), and the subscriber telephone number (17) (which can have, for 30 example, characteristics of a Mobile Identification Number (MIN)). The PIN is a second ID known only to the subscriber unit and the fixed network unit. For example, it should not be available to an installer of the subscriber unit, it ~hould only be available to a legitimate user of a subscriber unit and a U'O 9~/01067 pr~r/usso/o329o ~ 0 6 3 ~ 4 7 _ ~
fixed network communication unit database. The subscriber need only enter the PIN one time to activate it. The PIN may be changed by the subscriber, but the change must also be made known to the fixed network unit. These identifiers need not s necessarily be numbers but may correspond to any attribute capable of being identified by the fixed network communications unit. An alternative embodiment, for examp~e, in a cellular system, may include a stored look up table containing multiple sets of serial numbers, PlN`s, and telephone numbers with each set of identifiers corresponding to a specific cellular area or fixed network communication u n it .
The fixed network communication unit (20) includes a switching center which is comprised of a microprocessing stage (22), a database (23), and a link to a basesite radio frequency stage (21), all as well understood in the art.
Additional elements include a fixed network unit call sequence counter (24) and an enciphered serial number generated by the fixed network unit (2~).
The database includes information regarding the subscriber unit's: serial number (28), PIN (27), and subscriber telephone number (26); the information includes a stored copy of the serial number (28), PIN (27), and the subscriber telephone number (26). The serial number (18), PIN (19), and telephone number (17) of the subscriber communication unit (10) correspond to the serial number (28), PIN (27), and telephone number (26) as stored in the fixed network communication unit (20). Communication between the subscriber communication unit (10) and the fixed network communicafion unit (20) is accomplished via RF transmissions between the two units in accordance with well understood cellular system techniques.
When authentication i~ required of the subscriber communication unit (10), the subscriber unit enciphers its } ~ `2~634~47 - ` . ~ = 8 serial number (18) and increments its call sequence counter (15). FIG. 2 depicts the method used by a subscriber communication unit to encipher its serial number before transmission to a fixed network communication unit during an s authentication request (29). This method requires use of two enciphering keys. The subscriber unit obtains the called telephone number (data) (30) and obtains PIN (31) from memory and uses at least parts of these two components as the enciphering keys to encipher its serial number (32). If PIN
and the called telephone number are comprised of bits, the parts of these keys to be used are the conterlts of the bits and the bit length of each key. For example, an enciphered serial number may have a different bit length than the unenciphered serial number, or unmodified first ID, depending on the contents pf the PIN or the data. Varying the enciphered SN bit length may also be a function of another event known to both the subscriber and fixed network unit such as the time of day.
The algorithm to integrate the two enciphering keys may be varied to accommodate various levels of security depending 20~ upon the requirement of the system. The subscriber identification enciphering method does not require authentication to be confirmed by the fixed network communication unit before data is transmitted. Combining PIN
with data adds the ability of the system to encipher a serial 2s number into a complex code to an extent sufficient to substantially eliminate unauthorized detection by RF
eavesdropping and unauthorized divulgence by installers.
The modified serial number (enciphered SN) becomes a component of the Authentication Request Message (ARM) (35) 30 that is transmitted via RF (36) to the fixed network communication unit. Once encipherment is complete, the assigned telephone number is obtained (33) from memory. This number is not enciphered as part of the authentication procedure. This identifier is a -omponent of the ARM (35) that .
WO 91/OtO67 PCI~US90103290 2~6~3447 - ~
informs the fixed network unit that the authentication request is coming from a valid subscriber unit.
- The call sequence count is then obtained (34) and also used in the ARM (35). The call sequence count is updated s (incremented or decremented) each time a predetermined event occurs such as when the authentication procedure is initiated or a call is completed. The count may be maintained by the subscriber and fixed network unit usin~ a rollover type counter such as a ring counter. This count is used by the fixed network communication unit as a means to count the number of calls made by each subscriber. Because a record of the number of calls made by each subscriber is maintained by both the subscriber unit and the fixed network communication unit, another subscriber trying to use the same serial number will be detected because it will not have made the exact same number of calls as the legitimate subscriber. The call sequence count information is communicated to the fixed network unit as one component of the Authentication Request Message. The ARM can be communicated in any acceptable 20 format or in any number of stages. Components of a typical ARM (35) include data, the enciphered serial number, the call sequence count, and the assigned telephone number. An alternative embodiment would include modifying the call sequence count using the same enciphering method that is used 2s to modify the SN. This would further enhance the protection because the count is also disguised using the PIN and data;
each subscriber would generate a different value for the same count (number of calls made).
A fixed network communication unit receives a 30 transmitted ARM and uses this information to determine whether authentication should be granted to the subscriber unit. FIG. 3 depicts the authentication method performed by a fixed network unit. The ARM is received (37) by the fixed network unit by means of the base RF unit (21). The fixed WO 91/01067 : PCI/US90/03290 ~ b3447 network unit has access to assigned telephone number's, serial number's and PlN's of valid subscriber units through its database. The fixed network unit determines if the assigned telephone number received in the ARM is valid (39) by s obtaining from the fixed network unit database the same assigned telephone number (38). A comparison is made ~etween the received telephone number from the subscriber unit and the valid number found in the database (39). If the assigned telephone number is not recognized by the fixed network unit, authentication is denied (or some other action taken) (4û).
If the assigned telephone number is determined to be valid (it is found in the database), the fixed network unit then retrieves from the database the serial number and PIN
. corresponding to that particular assigned telephone number.
The fixed network unit then, uses the PIN from the database and the data received in the ARM as enciphering keys as elements of its enciphering method (44), which is the same method used in the subscriber unit, and generates its own 20 enciphered serial number. The fixed network unit compares this enciphered serial number to the serial number enciphered by the subscriber unit(46). If they are not substantially the same, then the system denies access or takes some other predetermined course of action (47). If they are within the 2s acceptable tolerance, the received call sequence count is obtained (48) and compared (50) to the call count maintained by the fixed network communication unit (49). If the counts are substantially equal, authentication may be confirmed (~2) which is the first predetermined course of action. At this 30 point, the subscriber may be allowed to communicate with the third communication unit associated with the dialed number.
This third unit may more generally be termed a requested communication resource. If thP count is not within the acceptable tolerance, authentication may be denied or the Wo 91/01067 P~lussolo3~so authorities may be notified that a multiple user is attempting to access the system (51).
The fixed network unit call counter maintains the number of times authentication is granted to a subscriber. Each s subscriber has its own call counter. Having z continuous call counting scheme between a subscriber and a fixed network communication unit preYents another subscriber from using some other subscriber's identification number because the thief would not have made the identical number of calls that the legitimate subscriber made. This discrepancy is flagged by the fixed network unit when it compares the two counts.
Protection against illegitimate users is further enhanced by the encipherment method's use of the enciphered dialed telephone number and the PiN (which is not transmined).
Without an illegitimate user knowing a subscriber's PIN and the exact algorithm that enciphers the serial number, a thief is limited to merely copying the authentication message of a subscriber and repeating this message. Each time a subscriber dials a different telephone number, a different authentication 20 request message is ~enerated because each subscriber has a different PIN; each subscriber ~enerates a different authentication request message for the same telephone number.
Although a thief may detect the call sequence count 25 (because it is not enciphered in the ARM) and update it, a correct count would only allow the thief to gain authentication for the enciphered dialed telephone number he intercepted.
Therefore the illegitimate user can only communicate to the subscriber whose enciphered telephone number matches that 30 copied from the ARM.
An alternative embodiment comprising the call sequence count may allow each subscriber to maintain more than one call counter where a separate cail counter is required for each fixed network communication unit. This embodiment would ?.~63~ ~ 12 find use in a cellular communication system which allowed a subscriber to use multiple fixed network commun~cation units.
Another alternative embodiment to the flow in FIG. 3 may require the step of comparing the call sequence counts (50) to s occur before the step involving the comparison of enciphered s~sr~ um~ers ~6)~
/ ~
.
Claims (10)
1. A method of authentication and protection between a subscriber unit and a central communication unit in a radiotelephone communication system, comprising the steps of:
(a) providing the subscriber unit with a first ID and a terminal endpoint identifier which uniquely identifies a target communication unit other than the central communication unit;
(b) generating a modified first ID in the subscriber unit by modifying the first ID as a function of the terminal endpoint identifier; and (c) transmitting via a radio communication link the modified first ID and at least part of the terminal endpoint identifier from the subscriber unit to the central communication unit.
(a) providing the subscriber unit with a first ID and a terminal endpoint identifier which uniquely identifies a target communication unit other than the central communication unit;
(b) generating a modified first ID in the subscriber unit by modifying the first ID as a function of the terminal endpoint identifier; and (c) transmitting via a radio communication link the modified first ID and at least part of the terminal endpoint identifier from the subscriber unit to the central communication unit.
2. The method according to claim 1 wherein:
(a) the subscriber unit maintains an historic non-arbitrary value;
(b) a modified historic non-arbitrary value is generated in the subscriber unit by modifying the historic non-arbitrary value as a function of the terminal endpoint identifier; and (c) the modified historic non-arbitrary value is transmitted via the radio communication link from the subscriber unit to the central communication unit.
(a) the subscriber unit maintains an historic non-arbitrary value;
(b) a modified historic non-arbitrary value is generated in the subscriber unit by modifying the historic non-arbitrary value as a function of the terminal endpoint identifier; and (c) the modified historic non-arbitrary value is transmitted via the radio communication link from the subscriber unit to the central communication unit.
3. The method according to claim 2 wherein the historic non-arbitrary value comprises a count of a predetermined number of communication events.
4. The method according to claim 1 wherein:
(a) the subscriber unit is provided with a second ID; and (b) the modified first ID is generated in the subscriber unit by modifying the first ID as a function of the terminal endpoint identifier and the second ID.
(a) the subscriber unit is provided with a second ID; and (b) the modified first ID is generated in the subscriber unit by modifying the first ID as a function of the terminal endpoint identifier and the second ID.
5. A method of authentication and protection between a subscriber unit and a central communication unit in a radiotelephone communication system, comprising the steps of:
(a) providing the central communication unit with a first ID;
(b) receiving a modified first ID and at least part of a terminal endpoint identifier which uniquely identifies a target communication unit other than the central communication unit at the central communication unit, the modified first ID being derived from a first ID and the terminal endpoint identifier; and (c) determining in the central communication unit, through the use of the received modified first ID, the received at least part of the terminal endpoint identifier and the first ID, if the received service request is authentic.
(a) providing the central communication unit with a first ID;
(b) receiving a modified first ID and at least part of a terminal endpoint identifier which uniquely identifies a target communication unit other than the central communication unit at the central communication unit, the modified first ID being derived from a first ID and the terminal endpoint identifier; and (c) determining in the central communication unit, through the use of the received modified first ID, the received at least part of the terminal endpoint identifier and the first ID, if the received service request is authentic.
6. The method according to claim 5 wherein:
(a) the central communication unit maintains an historic non-arbitrary value;
(b) the central communication unit receives a modified historic non-arbitrary value at the central communication unit; and (c) the step of determining if the received service request is authentic further comprises:
(i) granting communication between the subscriber unit and the target communication unit uniquely identified by the terminal endpoint identifier, when the received modified historic non-arbitrary value information is substantially derived from a historic non-arbitrary value which is substantially similar to the historic non-arbitrary value maintained by the central communication unit; and (ii) providing output indicating that a multiple user is attempting to access the radiotelephone communication system when the received modified historic non-arbitrary value information is substantially derived from a historic non-arbitrary value which is substantially different from the historic non-arbitrary value maintained by the central communication unit.
(a) the central communication unit maintains an historic non-arbitrary value;
(b) the central communication unit receives a modified historic non-arbitrary value at the central communication unit; and (c) the step of determining if the received service request is authentic further comprises:
(i) granting communication between the subscriber unit and the target communication unit uniquely identified by the terminal endpoint identifier, when the received modified historic non-arbitrary value information is substantially derived from a historic non-arbitrary value which is substantially similar to the historic non-arbitrary value maintained by the central communication unit; and (ii) providing output indicating that a multiple user is attempting to access the radiotelephone communication system when the received modified historic non-arbitrary value information is substantially derived from a historic non-arbitrary value which is substantially different from the historic non-arbitrary value maintained by the central communication unit.
7. The method according to claim 5 wherein:
(a) the central communication unit is provided with a second ID;
and (b) the determining if the received service request is authentic further includes the use of the second ID.
(a) the central communication unit is provided with a second ID;
and (b) the determining if the received service request is authentic further includes the use of the second ID.
8. A method of authentication and protection between a subscriber unit and a central communication unit in a radiotelephone communication system, comprising the steps of:
(a) providing the subscriber unit with a first ID and a terminal endpoint identifier which uniquely identifies a target communication unit other than the central communication unit;
(b) providing the central communication unit with the first ID;
(c) generating a modified first ID in the subscriber unit by modifying the first ID as a function of the terminal endpoint identifier;
(d) transmitting via a radio communication link the modified first ID and at least part of the terminal endpoint identifier from the subscriber unit to the central communication unit;
(e) receiving the modified first ID and at least part of a terminal endpoint identifier at the central communication unit; and (f) determining in the central communication unit, through the use of the received modified first ID, the received at least part of the terminal endpoint identifier and the first ID, if the received service request is authentic.
(a) providing the subscriber unit with a first ID and a terminal endpoint identifier which uniquely identifies a target communication unit other than the central communication unit;
(b) providing the central communication unit with the first ID;
(c) generating a modified first ID in the subscriber unit by modifying the first ID as a function of the terminal endpoint identifier;
(d) transmitting via a radio communication link the modified first ID and at least part of the terminal endpoint identifier from the subscriber unit to the central communication unit;
(e) receiving the modified first ID and at least part of a terminal endpoint identifier at the central communication unit; and (f) determining in the central communication unit, through the use of the received modified first ID, the received at least part of the terminal endpoint identifier and the first ID, if the received service request is authentic.
9. The method according to claim 8 wherein:
(a) the subscriber unit and central communication unit maintain historic non-arbitrary values;
(b) a modified historic non-arbitrary value is transmitted via the radio communication link from the subscriber unit to the central communication unit;
(c) the central communication unit receives the modified historic non-arbitrary value at the central communication unit; and (d) the step of determining if the received service request is authentic further comprises:
(i) granting communication between the subscriber unit and the target communication unit uniquely identified by the terminal endpoint identifier, when the received modified historic non-arbitrary value information is substantially derived from a historic non-arbitrary value which is substantially similar to the historic non-arbitrary value maintained by the central communication unit; and (ii) providing output indicating that a multiple user is attempting to access the radiotelephone communication system, when the received modified historic non-arbitrary value information is substantially derived from a historic non-arbitrary value which is substantially different from the historic non-arbitrary value maintained by the central communication unit.
(a) the subscriber unit and central communication unit maintain historic non-arbitrary values;
(b) a modified historic non-arbitrary value is transmitted via the radio communication link from the subscriber unit to the central communication unit;
(c) the central communication unit receives the modified historic non-arbitrary value at the central communication unit; and (d) the step of determining if the received service request is authentic further comprises:
(i) granting communication between the subscriber unit and the target communication unit uniquely identified by the terminal endpoint identifier, when the received modified historic non-arbitrary value information is substantially derived from a historic non-arbitrary value which is substantially similar to the historic non-arbitrary value maintained by the central communication unit; and (ii) providing output indicating that a multiple user is attempting to access the radiotelephone communication system, when the received modified historic non-arbitrary value information is substantially derived from a historic non-arbitrary value which is substantially different from the historic non-arbitrary value maintained by the central communication unit.
10. The method according to claim 8 wherein:
(a) the subscriber unit is provided with a second ID;
(b) the central communication unit is provided with the second ID;
(c) the modified first ID is generated in the subscriber unit by modifying the first ID as a function of the terminal endpoint identifier and the second ID; and (d) the determining if the received service request is authentic further includes the use of the second ID.
(a) the subscriber unit is provided with a second ID;
(b) the central communication unit is provided with the second ID;
(c) the modified first ID is generated in the subscriber unit by modifying the first ID as a function of the terminal endpoint identifier and the second ID; and (d) the determining if the received service request is authentic further includes the use of the second ID.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US37872189A | 1989-07-12 | 1989-07-12 | |
| US378,721 | 1989-07-12 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2063447A1 CA2063447A1 (en) | 1991-01-13 |
| CA2063447C true CA2063447C (en) | 1997-03-25 |
Family
ID=23494291
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002063447A Expired - Lifetime CA2063447C (en) | 1989-07-12 | 1990-06-14 | Method for authentication and protection of subscribers in telecommunication systems |
Country Status (7)
| Country | Link |
|---|---|
| JP (1) | JP2684118B2 (en) |
| AU (1) | AU6034790A (en) |
| CA (1) | CA2063447C (en) |
| IL (1) | IL94467A (en) |
| MX (1) | MX166091B (en) |
| MY (1) | MY107083A (en) |
| WO (1) | WO1991001067A2 (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR2678459B1 (en) * | 1991-06-26 | 1997-05-16 | Patrick Remery | METHOD FOR AUTHENTICATING A SUBSCRIBED CALLING PERSON FOR TELEPHONE PRICING. |
| DE69333868D1 (en) * | 1992-01-29 | 2005-10-20 | Toshiba Kawasaki Kk | Radio telecommunication apparatus |
| JP3105361B2 (en) * | 1992-08-19 | 2000-10-30 | 日本電信電話株式会社 | Authentication method in mobile communication system |
| US5455863A (en) * | 1993-06-29 | 1995-10-03 | Motorola, Inc. | Method and apparatus for efficient real-time authentication and encryption in a communication system |
| DE4323847C1 (en) * | 1993-07-16 | 1994-05-26 | Grundig Emv | Remote call for access authorisation to subscriber terminal - is made from appts. with memory contg. secret algorithm for computation of password using serial number obtd. from terminal memory |
| US5384847A (en) * | 1993-10-01 | 1995-01-24 | Advanced Micro Devices, Inc. | Method and apparatus for protecting cordless telephone account authentication information |
| DE4336995A1 (en) * | 1993-10-29 | 1995-05-04 | Sel Alcatel Ag | Method and device for determining the assignment of a mobile radio device to device lists |
| BR9406070A (en) * | 1993-11-24 | 1996-02-06 | Ericsson Telefon Ab L M | Process and system for authenticating the identification of a remote station in a radio communication system and respective remote and base stations |
| US5467398A (en) * | 1994-07-05 | 1995-11-14 | Motorola, Inc. | Method of messaging in a communication system |
| WO1996038994A1 (en) * | 1995-06-02 | 1996-12-05 | Dsc Communications Corporation | Apparatus and method of authenticating a subscriber terminal in a wireless telecommunications system |
| DE19542781C2 (en) * | 1995-11-16 | 1998-08-27 | Siemens Ag | Authentication of subscriber lines |
| DE19548044C2 (en) * | 1995-12-21 | 1998-03-26 | Siemens Ag | Method and arrangement for generating random numbers in telecommunication devices of a wireless telecommunication system |
| US5950114A (en) * | 1996-03-29 | 1999-09-07 | Ericsson Inc. | Apparatus and method for deriving a random reference number from paging and originating signals |
| US6188899B1 (en) | 1996-07-15 | 2001-02-13 | At&T Wireless Svcs, Inc. | System and method for automatic registration notification for over-the-air activation |
| USRE40791E1 (en) * | 1999-06-15 | 2009-06-23 | Siemens Aktiengesellschaft | Method and system for verifying the authenticity of a first communication participants in a communications network |
| DE19955096B4 (en) * | 1999-11-16 | 2009-10-01 | Siemens Ag | A method of authenticating a radio communication network to a mobile station and a radio communication network and a mobile station |
| CN112164220B (en) * | 2020-09-22 | 2022-08-02 | 江西锦路科技开发有限公司 | Expressway service area congestion monitoring and automatic guidance system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4023012A (en) * | 1974-07-08 | 1977-05-10 | Omron Tateisi Electronics Co. | System for verifying the user of a card |
| US4315101A (en) * | 1979-02-05 | 1982-02-09 | Atalla Technovations | Method and apparatus for securing data transmissions |
| US4535333A (en) * | 1982-09-23 | 1985-08-13 | Chamberlain Manufacturing Corporation | Transmitter and receiver for controlling remote elements |
| CN1005935B (en) * | 1986-04-30 | 1989-11-29 | 三菱电机株式会社 | Digital telecontrol apparatus |
-
1990
- 1990-05-22 IL IL9446790A patent/IL94467A/en not_active IP Right Cessation
- 1990-06-14 JP JP2510364A patent/JP2684118B2/en not_active Expired - Lifetime
- 1990-06-14 AU AU60347/90A patent/AU6034790A/en not_active Abandoned
- 1990-06-14 CA CA002063447A patent/CA2063447C/en not_active Expired - Lifetime
- 1990-06-14 WO PCT/US1990/003290 patent/WO1991001067A2/en active Application Filing
- 1990-07-03 MX MX021438A patent/MX166091B/en unknown
- 1990-07-12 MY MYPI90001171A patent/MY107083A/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| MY107083A (en) | 1995-09-30 |
| CA2063447A1 (en) | 1991-01-13 |
| IL94467A0 (en) | 1991-03-10 |
| AU6034790A (en) | 1991-02-06 |
| JP2684118B2 (en) | 1997-12-03 |
| WO1991001067A2 (en) | 1991-01-24 |
| MX166091B (en) | 1992-12-17 |
| IL94467A (en) | 1995-12-31 |
| WO1991001067A3 (en) | 1992-11-26 |
| JPH05503816A (en) | 1993-06-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5572193A (en) | Method for authentication and protection of subscribers in telecommunications systems | |
| CA2141318C (en) | Method and apparatus for efficient real-time authentication and encryption in a communication system | |
| US5239294A (en) | Method and apparatus for authenication and protection of subscribers in telecommunication systems | |
| CA2063447C (en) | Method for authentication and protection of subscribers in telecommunication systems | |
| US5794139A (en) | Automatic generation of private authentication key for wireless communication systems | |
| EP0976278B1 (en) | Preventing misuse of a copied subscriber identity in a mobile communication system | |
| EP1168870B1 (en) | An improved method for an authentication of a user subscription identity module | |
| AU716523B2 (en) | Management of authentication keys in a mobile communication system | |
| US5457737A (en) | Methods and apparatus to verify the identity of a cellular mobile phone | |
| US5377267A (en) | Method of authentication with improved security for secrecy of authentication key | |
| EP1562394B1 (en) | Apparatus and method for setting use restriction of mobile communication terminal | |
| US5943425A (en) | Re-authentication procedure for over-the-air activation | |
| US5233656A (en) | Telephone installation for the remote loading of telephone rental data of an independent station | |
| US5822691A (en) | Method and system for detection of fraudulent cellular telephone use | |
| CA2544759A1 (en) | Method for managing the security of applications with a security module | |
| US6665530B1 (en) | System and method for preventing replay attacks in wireless communication | |
| CA2343180C (en) | Method for improving the security of authentication procedures in digital mobile radio telephone systems | |
| KR100320322B1 (en) | Improved security in cellular telephones | |
| WO1999049688A1 (en) | System and method of authenticating a mobile station's identity and handling authentication failures in a radio telecommunications network | |
| CN1124766C (en) | System and method for preventing replay attacks in wireless communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKEX | Expiry | ||
| MKEX | Expiry |
Effective date: 20100614 |