MXPA99006560A - Method and apparatus for providing authentication security in a wireless communication system - Google Patents

Method and apparatus for providing authentication security in a wireless communication system

Info

Publication number
MXPA99006560A
Authority
MX
Mexico
Prior art keywords
digits
mobile station
sequence
generating
authentication message
Application number
MXPA/A/1999/006560A
Other languages
Spanish (es)
Inventor
F Quick Roy
G Rose Gregory
Original Assignee
Qualcomm Incorporated

Abstract

An apparatus for providing authentication of a mobile station in a wireless communication system. The present invention takes the number dialed by the mobile station user and computes the 24-bit number (AUTH_DATA) for authentication in accordance with a hashing function that has the following characteristics. The hashing function takes as its input at least the entire dialed digit string contained in the request for service and the number of digits. In a preferred embodiment, the ordering of the digits, as well as the values of the digits, affects the result. The preferred embodiment of the hashing function also accepts some or all of the mobile station identifier data. The function provides as output a number of suitable size for input to a second calculation of an authentication signature, such as the 24 bits required for AUTH_DATA. The output number is created in such a way that there is a minimum likelihood that other sets of dialed digits may create the same result.

Description

METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION SECURITY IN A WIRELESS COMMUNICATION SYSTEM

BACKGROUND OF THE INVENTION

I. Field of the Invention

The present invention relates to communication systems. More particularly, the present invention relates to a novel and improved method for authenticating a mobile station in a wireless communication system.

II. Description of the Related Art

Various cellular telephone systems standardized by the Telecommunications Industry Association (TIA) use the authentication scheme first standardized in EIA/TIA/IS-54-B. A similar scheme is described in U.S. Patent No. 5,239,294 to Flanders et al., entitled "METHOD AND APPARATUS FOR AUTHENTICATION AND PROTECTION OF SUBSCRIBERS IN A TELECOMMUNICATION SYSTEM", which is incorporated herein by reference. As one aspect of the authentication scheme used in IS-54-B, an authentication signature is computed by the mobile station and sent to the base station to prove that the mobile station is legitimately authorized for service through the cellular system. For mobile-originated service requests, this authentication signature is a one-way cryptographic checksum of part or all of the following information:

• the electronic serial number of the mobile station;
• the mobile subscription number, which may be the directory number or another identifier of the mobile subscriber;
• a random "challenge" value sent by the base station;
• a secret key; and
• the last six digits of the number dialed by the user of the mobile station.

The last six digits dialed by the user of the mobile station are placed in a 24-bit register that the standards refer to as AUTH_DATA. The authentication signature is computed using AUTH_DATA and transmitted to the base station.
The base station verifies the signature provided by the telephone against its own calculation of the signature and normally denies service if the provided signature does not match the computed value. In principle, only the legitimate mobile station can create the correct signature, because the secret key is not known to fraudulent mobile stations. The purpose of including the dialed digits is to prevent "replay attacks", in which a fraudulent user simply repeats the same signature and identification information previously used by a legitimate user. In principle, the fraudulent mobile station could not obtain service in this way unless it were calling the same directory number. There is a flaw in the use of the dialed digits as described in the IS-54-B standard: in many implementations of wireless switching equipment, an attacker can simply append to the dialed number six extra digits that are the same as the last six digits of an origination sent by a legitimate user, and send the same identification information and signature that the legitimate user used. The extra digits are ignored by the switch (for example, in the case of the advertised number "1-800-FLY-CHEAP", the final digit corresponding to "P" is not processed). However, the authentication signature will be computed by the base station using these extra digits, so the signature will match the expected value, allowing the fraudulent user to obtain service.
One way to combat this is to avoid using only the last digits of the dialed number. For example, one can use digits selected from throughout the dialed number instead of only the final digits. Although this is an improvement, it is less secure than the method proposed in this invention, which includes the complete dialed number and the digit count as part of the signature calculation.

SUMMARY OF THE INVENTION

The present invention is a novel and improved method and apparatus for providing authentication of a mobile station in a wireless communication system. The present invention takes the number dialed by the user of the mobile station and computes the 24-bit number (AUTH_DATA) used in authentication according to a hash function having the following characteristics:

• The hash function takes as its input at least the entire string of dialed digits contained in the service request and the number of digits. In a preferred embodiment, the ordering of the digits affects the result, as well as the values of the digits. The preferred embodiment of the hash function also accepts some or all of the mobile station's identifier data.
• The hash function provides as output a number of suitable size for input to a second calculation of an authentication signature, such as the 24 bits required for AUTH_DATA.
• The output number is created in such a way that there is a minimum probability that other sets of dialed digits will produce the same result.
• In a preferred embodiment, the number of digits in the dialed string is inserted directly into the 24-bit number, to guard against a change in the number of digits transmitted.

In the preferred embodiment of the invention, the algorithm accepts a string of dialed digits of known length and produces as output a 24-bit computed check code intended for use in generating the authentication signature. Hashing algorithms that digest data to produce a condensed form of the data as a means of validating the legitimacy of a user are well known in the art. In this description, it is assumed that one or more digits are entered by the user. If no digits are entered, AUTH_DATA can be formed entirely from the mobile station identifiers. The identifiers can be used, for example, to modify the initial value of the buffer. In the exemplary embodiment, the hash function performs 8 rounds over a 24-bit buffer. All operations on the dialed digits and the buffer are carried out modulo 16, that is, with 4 significant bits. The rounds are linked together by means of a lookup table "trtab". This is a 16-entry table that is a permutation of the integers 0 to 15, with the additional property that, for each index, the table entry at that index is not equal to the index. The 24-bit buffer is treated as an array of six integers modulo 16. The buffer is initialized with consecutive integers, the first being the length of the dialed digit string modulo 16. A variable "v" (initially 0) is updated as the algorithm proceeds by adding to its value the contents of the current buffer entry and the current dialed digit, and then passing the result through the lookup table to provide a nonlinear transformation. The resulting value is then combined, by an exclusive-OR operation, with the current buffer position.
The buffer is processed in a circular fashion, starting with the first entry, processing one entry at a time and, after the last entry, beginning again with the first. The algorithm proceeds by performing 8 passes over the entire string of dialed digits, combining the dialed digits and the contents of the current buffer entry in the manner described above. If there were either 6 or 12 digits in the dialed number, the passes over the buffer and over the dialed number would be in synchronization, which is considered undesirable, so at the end of each pass over the dialed digits the buffer index is moved along by 1 position. This would also be true for 18 digits (and any larger multiple of 6), but in that case so much information is processed that synchronization is not considered important. When this processing is complete, a 24-bit integer is formed from the buffer, taking index 0 as the 4 most significant bits. The six least significant bits of this integer are replaced with the length of the digit string (modulo 64). In this way, only dialed numbers of equal length (modulo 64) can possibly produce the same output.

BRIEF DESCRIPTION OF THE DRAWINGS

The features, objects and advantages of the present invention will become more apparent from the detailed description set forth below when taken in conjunction with the drawings, in which like reference characters identify corresponding elements throughout, and wherein: Figure 1 is a block diagram illustrating the authentication system of the present invention; Figure 2 is a flow chart illustrating an exemplary embodiment of the method of hashing the dialed number of the present invention; and Figure 3 is a "C" program that implements the exemplary embodiment of the method of hashing the dialed number of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Figure 1 illustrates the authentication system of the present invention. When a user of a mobile station wishes to initiate a call, he enters the number being called on the user keypad 2. That number is provided to the hash function calculator 4, which generates a 24-bit authentication data sequence (AUTH_DATA). In the present invention, the hash function calculator 4 performs an operation on the number entered by the user of the mobile station that satisfies the following conditions. The hash function calculator 4 uses the entire string of digits contained in the service request and also uses the number of digits in the string to generate the 24-bit authentication data sequence (AUTH_DATA). In a preferred embodiment, the hash function calculator 4 uses a function that generates the authentication data sequence according to both the values of the digits entered by the user of the mobile station and the order in which they were entered. In addition, the hash function calculator 4 uses some or all of the identifier data that is provided to it by the user parameter memory 8. The user parameter memory 8 would typically be implemented using a read-only memory (ROM) or programmable read-only memory (PROM) device, as is well known in the art. Furthermore, the authentication data sequence generated by the hash function calculator 4 should be created in such a way that there is a minimum probability that other sets of entered numbers would produce the same authentication data sequence. The authentication data sequence is provided by the hash function calculator 4 to the authentication message generator 6.
The authentication message generator 6 generates a signature that is used to authenticate the identity of the mobile station. The authentication message generator 6 generates the signature according to the authentication data sequence (AUTH_DATA) provided by the hash function calculator 4 and the user parameter data provided by the user parameter memory 8. In the exemplary embodiment, the authentication message generator 6 operates according to a predetermined signature generation algorithm, which generates an authentication signature to validate the identity of the user. In the present invention, the authentication message generator 6 uses the 24 bits (AUTH_DATA) generated by the hash function calculator 4. The authentication signature is provided to the transmitter (TMTR) 10, which encodes, modulates, upconverts and amplifies the message signal and transmits it through the antenna 12. At the base station, the transmitted signal is received by the antenna 14 and provided to the receiver (RCVR) 16, which amplifies, downconverts, demodulates and decodes the signal and provides the message to the authentication circuit 24. In addition, the authentication message is provided to the generation circuit 17, which generates a local version of the authentication signature using the information from the message and information about the mobile station stored in the subscriber parameter database 20. To generate the local version of the authentication signature in this embodiment, the dialed number is extracted from the message and provided to the hash function calculator 18, which operates identically to the hash function calculator 4. The hash function calculator 18 generates the 24-bit authentication data sequence (AUTH_DATA) and provides it to the authentication message generator 22.
The authentication message generator 22 generates a local version of the authentication signature, as described above, according to the authentication data sequence (AUTH_DATA) and the mobile station parameters provided by the subscriber parameter database 20. The locally generated signature is then provided to the authentication circuit 24, which compares the locally generated signature with the received signature. The result of the comparison is provided to the control processor 26, which determines the action to be taken based on the result of the comparison. If the locally generated signature and the received signature match, then service is normally provided to the user of the mobile station. However, if the locally generated signature and the received signature do not match, then service is normally denied.

Figure 2 illustrates a flow chart of the method used by the hash function calculators 4 and 18 to generate the 24-bit authentication data sequence (AUTH_DATA). In block 100, a buffer is initialized. The buffer is treated as an array of six integers modulo 16. In the exemplary embodiment, the buffer is initialized with consecutive integers, the first of which is the length of the sequence of digits entered by the user of the mobile station. In addition, the variables v, bi, i and r are initialized to 0. In block 102, the variable v is set equal to the sum of its current value, the current digit entered by the user of the mobile station (dialed(i)) and the current entry in the buffer (buffer(bi)). In block 104, v is replaced by the corresponding element of the table trtab. In the exemplary embodiment, the table trtab is constructed so that the index of an entry and the value of that entry are never equal; for example, the value of the i-th entry is never i. The table trtab has 16 elements with non-repeating values between 0 and 15. In the exemplary embodiment, the table trtab is set to:
trtab = { 15, 5, 6, 10, 0, 3, 8, 9, 13, 11, 2, 14, 14, 7, 12 }. (1)

The value of v, in block 104, is set by ANDing the current value of v with the value 0xF and using the result as the index into the table trtab. In block 106, the buffer value at index bi (buffer(bi)) is set to the exclusive OR of the current buffer value at index bi and the value v. In control block 108, a test is made to determine whether bi equals 6. If bi equals 6, then, in block 110, bi is reset to 0 and the flow proceeds to control block 112. If the current value of bi is not equal to 6 in block 108, then the flow proceeds directly to control block 112. In control block 112, a test is made to determine whether the loop index i has reached the value n-1, where n is the number of digits entered by the user of the mobile station. If i has not reached the value n-1, then, in block 114, i is incremented, the flow returns to block 102 and the operation continues as described above. When the loop index i reaches the value n-1, the flow proceeds to block 116. In block 116, if the number of digits entered (n) is equal to 6 or 12, the flow proceeds to block 117. If, in block 116, the number of digits entered is not equal to 6 or 12, the flow moves directly to block 120. In block 117, the variable bi is incremented and the flow proceeds to block 118. In block 118, if the value of bi is 6, the flow proceeds to block 119, otherwise to block 120. In block 119, bi is set to 0 and the flow proceeds to block 120. In block 120, the loop variable r is tested to determine whether it has reached the value 7. If r has not reached the value 7, then r is incremented in block 122, the loop variable i is reset to zero in block 124, the flow returns to block 102 and the operation proceeds as described above.
If the loop variable r has reached the value 7, then the 24-bit authentication data sequence is generated from the values stored in the buffer and the number of digits entered by the user of the mobile station. In block 126, the variable AUTH_DATA, which will finally contain the authentication data sequence, is initialized. In addition, the loop variable bi is set to zero. In block 128, the value of AUTH_DATA is shifted left by four bits. The value of AUTH_DATA is then bitwise ORed with the bi-th element of the buffer (buffer(bi)). In block 132, the loop variable bi is tested to determine whether it has reached the value 5. If the loop variable bi has not reached the value 5, then it is incremented in block 133, the flow returns to block 128 and the operation proceeds as described above. If the loop variable bi has reached the value 5, the flow moves to block 134. In block 134, the value of AUTH_DATA is bitwise ANDed with the value 0xFFFFC0, and the result of the AND operation is bitwise ORed with the result of ANDing the number of digits entered by the user of the mobile station (n) with the value 0x3F, which produces the final 24-bit authentication data sequence, AUTH_DATA. Figure 3 provides a "C" program that implements the operation described above.

The previous description of the preferred embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without the use of the inventive faculty. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
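The following C program is an added example written for this page; it is not the patent's Figure 3 and not Qualcomm's code. It implements the dialed-digit hash as the Summary and the Figure 2 flow chart describe it (six 4-bit buffer entries seeded from the digit count, eight rounds through the table trtab with the extra buffer shift for 6- or 12-digit numbers, and the digit count in the low six bits of the result), checks the permutation property the page requires of trtab, and sets the hash beside the IS-54-B behaviour of using only the last six dialed digits, so the padding weakness described in the Background section can be verified numerically. Assumptions of this example: the table as extracted above has 15 entries with one value duplicated, so the two values missing from the permutation, 1 and 4, are filled in at indices 12 and 15; the legacy register is modelled by packing each of the last six digits into a 4-bit field; only the digits 0-9 are handled; and the mobile station identifiers that the page says may perturb the initial buffer are not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Nonlinear lookup table: a permutation of 0..15 with no fixed point
 * (trtab[i] != i). The table printed in the page is garbled, so the two
 * values it is missing (1 and 4) are filled in here as an assumption. */
static const uint8_t trtab[16] = {
    15, 5, 6, 10, 0, 3, 8, 9, 13, 11, 2, 14, 4, 7, 12, 1
};

/* Check the property the page requires of trtab: every value 0..15 appears
 * exactly once and no entry equals its own index. Returns 1 if valid. */
int trtab_is_valid(void)
{
    int seen[16] = {0};
    for (int i = 0; i < 16; i++) {
        if (trtab[i] > 15 || trtab[i] == i || seen[trtab[i]])
            return 0;
        seen[trtab[i]] = 1;
    }
    return 1;
}

/* AUTH_DATA as the patent describes it: a 24-bit hash of the whole dialed
 * string plus its length. 'digits' holds ASCII '0'..'9' only (assumption). */
uint32_t auth_data_hash(const char *digits)
{
    size_t n = strlen(digits);
    uint8_t buf[6];
    uint8_t v = 0;
    int bi = 0;

    /* Block 100: six 4-bit entries seeded with consecutive integers,
     * starting at the digit count modulo 16. */
    for (int k = 0; k < 6; k++)
        buf[k] = (uint8_t)((n + k) & 0xF);

    /* Blocks 102-124: eight rounds over the entire digit string. */
    for (int r = 0; r < 8; r++) {
        for (size_t i = 0; i < n; i++) {
            v = (uint8_t)(v + (digits[i] - '0') + buf[bi]); /* block 102 */
            v = trtab[v & 0xF];                              /* block 104 */
            buf[bi] ^= v;                                    /* block 106 */
            if (++bi == 6)                                   /* blocks 108-110 */
                bi = 0;
        }
        /* Blocks 116-119: with 6 or 12 digits the buffer and the digit
         * string would stay in lock-step, so the buffer index is advanced
         * once more at the end of each pass. */
        if ((n == 6 || n == 12) && ++bi == 6)
            bi = 0;
    }

    /* Blocks 126-133: pack the buffer, index 0 most significant. */
    uint32_t auth = 0;
    for (int k = 0; k < 6; k++)
        auth = (auth << 4) | buf[k];

    /* Block 134: the low six bits carry the digit count modulo 64. */
    return (auth & 0xFFFFC0u) | ((uint32_t)n & 0x3Fu);
}

/* IS-54-B style AUTH_DATA as the Background describes it: only the last six
 * dialed digits reach the 24-bit register. Packing each digit into a 4-bit
 * field is this example's assumption about the register layout. */
uint32_t auth_data_last6(const char *digits)
{
    size_t n = strlen(digits);
    const char *p = digits + (n > 6 ? n - 6 : 0);
    uint32_t auth = 0;
    for (int k = 0; k < 6; k++) {
        auth <<= 4;
        if (*p)
            auth |= (uint32_t)(*p++ - '0');
    }
    return auth;
}

int main(void)
{
    /* Constructed sample: a legitimate origination and a different number
     * padded with the legitimate number's last six digits, which is the
     * case the Background section says a switch silently accepts. */
    const char *legit  = "18003592432";
    const char *padded = "2125551212592432";

    printf("trtab valid: %d\n", trtab_is_valid());
    printf("last-6 AUTH_DATA: %06X vs %06X\n",
           auth_data_last6(legit), auth_data_last6(padded));
    printf("hashed AUTH_DATA: %06X vs %06X\n",
           auth_data_hash(legit), auth_data_hash(padded));
    return 0;
}
```

With the last-six register both numbers yield the same AUTH_DATA (0x592432), so the replayed signature verifies; with the hash the two values cannot coincide, because the low six bits alone already differ (11 digits versus 16). The trtab check is worth keeping in any implementation, since a table with a repeated value or a fixed point silently weakens the nonlinear step without breaking interoperability.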

Claims (16)

NOVELTY OF THE INVENTION

Having described the present invention, it is considered a novelty and therefore the property described in the following claims is claimed as property.

1. In a mobile communication system, a method for authenticating the identity of a mobile station, comprising the steps of: receiving a sequence of dialed digits, entered by the user of a mobile station, which identifies a target communication unit; generating a first number derived from said sequence of dialed digits and the number of digits in said sequence of dialed digits; generating an authentication message according to said first number; and transmitting said sequence of dialed digits and said authentication message from said mobile station to a remote base station.
2. The method according to claim 1, characterized in that it further comprises the steps of: receiving said sequence of dialed digits and said authentication message at said base station; generating a local version of said first number derived from said received sequence of dialed digits and the number of digits in said received sequence of dialed digits; generating a locally generated authentication message according to said locally generated first number; and comparing said locally generated authentication message with said received authentication message.
3. The method according to claim 1, characterized in that the step of generating an authentication message is carried out in accordance with a set of mobile station identification parameters stored in said mobile station.
4. The method according to claim 2, characterized in that the step of generating a locally generated authentication message is carried out in accordance with a set of mobile station identification parameters stored in said base station.
5. The method according to claim 1, characterized in that the step of generating said first number comprises setting part of said first number to said number of digits in said sequence of dialed digits.
6. In a mobile station, a method for authenticating the identity of said mobile station, comprising the steps of: receiving a sequence of dialed digits, entered by the user of a mobile station, which identifies a target communication unit; generating a first number derived from said sequence of dialed digits and the number of digits in said sequence of dialed digits; generating an authentication message according to said first number; and transmitting said sequence of dialed digits and said authentication message from said mobile station to a remote base station.
7. The method according to claim 6, characterized in that the step of generating an authentication message is carried out in accordance with a set of mobile station identification parameters stored in said mobile station.
8. The method according to claim 6, characterized in that the step of generating said first number comprises setting part of said first number to said number of digits in said sequence of dialed digits.
9. At a base station, a method for authenticating the identity of a mobile station, comprising the steps of: receiving at said base station a sequence of dialed digits and an authentication message transmitted by said mobile station; generating a local version of said first number derived from said received sequence of dialed digits and the number of digits in said received sequence of dialed digits; generating a locally generated authentication message in accordance with said locally generated first number; and comparing said locally generated authentication message with said received authentication message.
10. The method according to claim 9, characterized in that the step of generating a locally generated authentication message is carried out in accordance with a set of mobile station identification parameters stored in said base station.
11. The method according to claim 9, characterized in that the step of generating said local version of said first number comprises setting part of said local version of said first number to said number of digits in said received sequence of dialed digits.
12. A mobile station comprising: means for receiving a sequence of dialed digits, entered by the user of a mobile station, which identifies a target communication unit; means for generating a first number derived from said sequence of dialed digits and the number of digits in said sequence of dialed digits; means for generating an authentication message according to said first number; and means for transmitting said sequence of dialed digits and said authentication message from said mobile station to a remote base station.
13. The mobile station according to claim 12, characterized in that it further comprises: mobile station identification parameter means for providing identification parameters; and wherein said means for generating an authentication message is responsive to said identification parameters.
14. The mobile station according to claim 12, characterized in that said means for generating a first number sets part of said first number to said number of digits in said sequence of dialed digits.
15. A base station comprising: means for receiving at said base station a sequence of dialed digits and an authentication message transmitted by said mobile station; means for generating a local version of said first number derived from said received sequence of dialed digits and the number of digits in said received sequence of dialed digits; means for generating a locally generated authentication message in accordance with said locally generated first number; and means for comparing said locally generated authentication message with said received authentication message.
16. The method according to claim 15, characterized in that the means for generating said local version of said first number sets part of said first number to said number of digits in said received sequence of dialed digits.
MXPA/A/1999/006560A 1997-01-15 1999-07-14 Method and apparatus for providing authentication security in a wireless communication system MXPA99006560A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US08784279 1997-01-15

Publications (1)

Publication Number Publication Date
MXPA99006560A true MXPA99006560A (en) 2000-04-24

Similar Documents

Publication Publication Date Title
AU732083B2 (en) Method and apparatus for providing authentication security in a wireless communication system
JP2656153B2 (en) Authentication system for digital cellular communication
CA2104092C (en) Wireless device for verifying identification
EP1554834B1 (en) Secure communications
EP0915630B1 (en) Strengthening the authentification protocol
US5153919A (en) Service provision authentication protocol
CA2344757C (en) An improved method for an authentication of a user subscription identity module
US5708710A (en) Method and apparatus for authentication in a communication system
EP1502467B1 (en) Paired sim card function
US5572193A (en) Method for authentication and protection of subscribers in telecommunications systems
US6393270B1 (en) Network authentication method for over the air activation
US6532290B1 (en) Authentication methods
WO1991001067A2 (en) Method for authentication and protection of subscribers in telecommunication systems
CA2343180C (en) Method for improving the security of authentication procedures in digital mobile radio telephone systems
EP0933957B1 (en) Effective use of dialed digits in call origination
MXPA99006560A (en) Method and apparatus for providing authentication security in a wireless communication system
KR20010004463A (en) Method for user authentication using User Identity Module in digital cellular telecommunication system
MXPA98010503A (en) Methods and apparatus for multiple-iteration cmea encryption and decryption for improved security for wireless telephone messages
MXPA06004980A (en) Method and apparatus for authentication in wireless communications