TW200303147A - Authentication of a mobile telephone - Google Patents


Info

Publication number
TW200303147A
Authority
TW
Taiwan
Prior art keywords
response
authentication
mobile phone
message
random
Application number
TW91133952A
Other languages
Chinese (zh)
Inventor
Michael Green
Yoram Rimoni
Original Assignee
Qualcomm Inc
Application filed by Qualcomm Inc
Publication of TW200303147A


Abstract

A method for enabling a mobile telephone to operate in a communications network, including: generating a random authentication number and an expected response to the random authentication number, and transmitting a forward short message service (SMS) message incorporating the random authentication number to the mobile telephone. The method further includes generating at the mobile telephone, responsive to the random authentication number, an authentication response, and receiving from the mobile telephone a return SMS message incorporating the authentication response. The method also includes performing a comparison between the authentication response in the return SMS message and the expected response, and authenticating the mobile telephone to operate in the communications network responsive to the comparison.

Description

Cross-Reference to Related Applications

This application claims priority to U.S. Provisional Patent Application No. 60/332,117, filed November 21, 2001, which is incorporated herein by reference.

Field of the Invention

The present invention relates to methods of authentication, and specifically to authenticating a mobile telephone operating in a cellular communications network.

Background of the Invention

A mobile telephone operating in a cellular communications network undergoes a process of authentication before it is able to make or receive calls. Among other things, the authentication prevents fraudulent use of the mobile telephone. Two types of network in which authentication is performed are code division multiple access (CDMA) networks and Global System for Mobile Communications (GSM) networks, which operate in a time division multiple access (TDMA) format.

FIG. 1 illustrates a process of authentication in a cellular network 10, as is known in the art. A mobile telephone 12 of network 10 transmits an initiating signal to a mobile switching center (MSC) 16, which communicates with a base station system (BSS) 14. In order for the telephone to be authenticated to operate within the network, MSC 16 instructs an authentication center (AUC) 18 to generate a random authentication number 20, usually as a triplet. Authentication number 20 is transmitted to mobile telephone 12 in an authentication packet 22. The generation is performed using data derived from a home location register (HLR) 29. MSC 16, AUC 18, and HLR 29 are included in the backbone of network 10, to which BSS 14 is coupled. The mobile telephone processes the authentication number via an authentication algorithm included in the mobile telephone to generate a response value 24. The response value is transmitted to the MSC in an authentication response packet 26. The MSC checks with AUC 18 and HLR 29 whether random number 20 and response 24 satisfy the authentication criteria of the network. If the criteria are satisfied, the mobile telephone is allowed to continue operating within the network.

Network 10 also includes, in the network backbone, a short message service center (SMS-C) 28, which is able to transmit and receive short alphanumeric messages. Mobile telephone 12 may be implemented to receive and transmit such SMS messages. Typically, alphanumeric messages transmitted and received by an SMS-C consist of approximately 128 characters, although larger numbers of characters may be transmitted.

If network 10 comprises a CDMA network operating according to an industry-standard protocol, such as the TIA/EIA/IS-2000-A-1 standard published by the Telecommunications Industry Association, Arlington, Virginia, mobile telephone 12 comprises a CDMA mobile telephone. AUC 18 implements an ANSI-41 protocol, published by the Third Generation Partnership Project 2, which can be found at http://www.3gpp2.org and which is incorporated herein by reference. In this case, random authentication number 20 sent by the authentication center is a 32-bit number, and response value 24 generated by the CDMA mobile telephone is an 18-bit number. In order to perform the authentication, the CDMA mobile telephone therefore needs to be able to transmit its authentication response as an 18-bit number.

If network 10 comprises a GSM network operating according to an industry-standard protocol, such as the ETSI TS 100 940 V7.8.0 technical specification published by the European Telecommunications Standards Institute, Sophia Antipolis Cedex, France, mobile telephone 12 comprises a GSM mobile telephone. Section 4.3 of the specification, which is incorporated herein by reference, describes the authentication procedure followed within a GSM network. In this case, random authentication number 20 sent by the authentication center is a 128-bit number, and the response value generated by the GSM mobile telephone is a 32-bit number. In order to perform the authentication in the GSM network, the GSM mobile telephone therefore needs to be able to transmit its authentication response as a 32-bit number.

However, if a CDMA mobile telephone is to operate in a GSM network, the CDMA mobile telephone needs to generate a 32-bit authentication response, which is greater than the 18-bit capability of the CDMA mobile telephone. To overcome this limited capability, methods known in the art involve modifying the software of both the GSM authentication center and the CDMA mobile telephone. When the CDMA mobile telephone is to operate in its native CDMA environment, the software is replaced by its original software. Another procedure known in the art is to modify the software of the GSM center so that only "CDMA-type" authentication is performed on CDMA mobile telephones operable in the GSM network. It will be appreciated that both methods are problematic.

Summary of the Invention

It is an object of some aspects of the present invention to provide a method and system for authenticating a mobile telephone to operate in a communications network.

In a preferred embodiment of the present invention, a mobile telephone is to operate in a cellular communications network. A base station or a switching center of the network authenticates the mobile telephone by transmitting to it an authentication request in the form of a message, the message typically, and most preferably, being a short message system (SMS) message. The SMS message includes a first identifier defining the SMS message as an authentication request, together with a random number used as part of the authentication procedure. By analyzing the first identifier, the mobile telephone recognizes the SMS message as the authentication request and processes the accompanying random number via an authentication algorithm included in the mobile telephone, to generate an authentication response. The response is sent to the network in a return SMS message transmitted by the mobile telephone. The return SMS message includes a second identifier defining the return message as containing the authentication response. The network recovers the response from the return message and compares the recovered response with an expected response in order to authenticate the mobile telephone. Using SMS messages as the delivery system for the authentication request and response avoids the limitations on the sizes of the random number and the response in systems known in the art.

In some preferred embodiments of the present invention, the mobile telephone is able to operate in at least two communications networks. Each network comprises a different authentication protocol, each protocol defining different sizes for the random number and the response. The mobile telephone is able to be authenticated in its "native" network, or to operate under a different protocol, without needing software or hardware modification when moving from one network to another.

In another preferred embodiment of the present invention, the network in which the mobile telephone operates supports data burst messages (DBMs), and the authentication request message transmitted to the mobile telephone and the authentication response message transmitted by the mobile telephone are sent as DBMs. Most preferably, the DBMs are of a type already supported by a communications protocol under which the network is operating.

The present invention will be more fully understood from the detailed description of the preferred embodiments, taken together with the drawings, in which:

Brief Description of the Drawings

FIG. 1 is a schematic diagram illustrating an authentication process in a cellular communications network, as is known in the art;

FIG. 2 is a schematic diagram illustrating an authentication process for a mobile telephone, according to a preferred embodiment of the present invention; and

FIG. 3 is a sequence diagram showing steps involved in authenticating the mobile telephone of FIG. 2 operating in a communications network, according to a preferred embodiment of the present invention.

Detailed Description of the Drawings

Reference is now made to FIG. 2, which is a schematic diagram illustrating an authentication process for a mobile telephone 32, according to a preferred embodiment of the present invention. Mobile telephone 32 is adapted to operate in a cellular communications network 30, which functions according to a first industry-standard cellular communications protocol. The mobile telephone includes circuitry 35 which enables the mobile telephone to operate. More preferably, mobile telephone 32 is adapted to operate according to the first protocol and is also operable according to a second industry-standard cellular communications protocol. For example, the first protocol comprises a Global System for Mobile Communications (GSM) protocol, such as the ETSI TS 100 940 V7.8.0 technical specification referred to in the Background of the Invention, and the second protocol comprises a code division multiple access (CDMA) protocol, such as the TIA/EIA/IS-2000-A-1 standard also referred to in the Background of the Invention. Alternatively, mobile telephone 32 is operable according to one of a GSM or a CDMA industry-standard protocol, or according to another protocol known in the art.

A base station system (BSS) 34 is coupled to a mobile switching center (MSC) 40, which is in turn coupled to an authentication center (AUC) 36 and a home location register (HLR) 38. Optionally, a short message service center (SMS-C) 42 may also be coupled to MSC 40. At least one of BSS 34, AUC 36, HLR 38, and MSC 40 acts as a network control center 37, controlling transmissions within network 30. Except for the differences described below, AUC 36, HLR 38, MSC 40, and SMS-C 42 operate generally as AUC 18, HLR 29, MSC 16, and SMS-C 28, respectively, described with reference to FIG. 1 in the Background of the Invention.

Mobile telephone 32 wishes to operate in network 30, and transmits an initiating signal to BSS 34. To authenticate the mobile telephone, BSS 34 transmits a random authentication number 44, encapsulated in a first, forward message 48, to mobile telephone 32. Unless otherwise stated below, message 48 is assumed to comprise an SMS message. Message 48 incorporates an identifier 46, so that mobile telephone 32 is able to recognize SMS message 48 as a special message conveying the random authentication number. On receipt of SMS message 48, mobile telephone 32 decodes the message, recovers the value of random authentication number 44, and applies the recovered value to an authentication algorithm included in the mobile telephone to generate an authentication response. Preferably, the software for decoding message 48 and recovering number 44, and the authentication algorithm, are incorporated in a separate replaceable element 31, most preferably a subscriber identity module (SIM) in mobile telephone 32. Alternatively, the software is incorporated entirely in a memory 33 of the mobile telephone.

Mobile telephone 32 incorporates the authentication response, as a response value 50, in a second, return message 54, and transmits the message to BSS 34. Unless otherwise stated below, message 54 is assumed to comprise an SMS message. Mobile telephone 32 incorporates an identifier 52 in message 54, so that the message can be recognized as a special message conveying the authentication response. SMS message 54 is routed by BSS 34 to MSC 40, which recognizes from identifier 52 that the message includes the authentication response, and extracts response value 50 from the message. MSC 40 checks value 50 against the expected response corresponding to random authentication number 44 and, if there is a correspondence, authenticates mobile telephone 32. By incorporating the random authentication number and response value 50 in SMS messages, the limitations on the sizes of the random authentication number and the response value, as defined by the different protocols under which mobile telephone 32 operates, are overcome. The limitations are overcome because SMS messages are able to convey 128 or more 8-bit characters.

FIG. 3 is a sequence diagram 60 showing steps involved in authenticating mobile telephone 32 operating in network 30, according to a preferred embodiment of the present invention. By way of example, network 30 is assumed to operate according to a GSM protocol. Sequence diagram 60 illustrates steps performed before and after mobile telephone 32 has issued an initiating transmission, which is received by BSS 34, and is awaiting authentication. The initiating transmission incorporates an international mobile subscriber identity (IMSI), usually the telephone number of mobile telephone 32, which was assigned to the mobile telephone when it initially registered in the network and which is also stored in AUC 36. Also at registration, mobile telephone 32 is assigned a subscriber authentication key (Ki), which is stored in both the mobile telephone and AUC 36.

In a first step 62, AUC 36 generates a random number (RAND) and uses RAND to calculate an identification parameter, termed the signal response (SRES), which is a function of RAND and Ki. AUC 36 also calculates a ciphering key (Kc), which is a function of Ki and RAND. IMSI, Kc, RAND, and SRES are transmitted to and stored in HLR 38.

In a second step 64, after the MSC has received the initiating transmission via BSS 34, HLR 38 transmits the values of IMSI, Kc, RAND, and SRES to MSC 40. MSC 40 stores IMSI, Kc, RAND, and SRES for later comparison purposes.

In a third step 66, MSC 40 incorporates the RAND value, corresponding to random authentication number 44 (FIG. 2), into SMS message 48. The SMS message is sent to BSS 34 via a traffic channel or a control channel. Alternatively, if network 30 comprises a CDMA 2000 network, the transfer may be accomplished using an application data delivery service (ADDS).

In a fourth step 68, BSS 34 adds identifier 46 to the message and transmits the message to mobile telephone 32.

In a fifth step 70, mobile telephone 32 identifies SMS message 48, from identifier 46, as a message that includes number 44, using the software included in SIM 31 or memory 33 of the mobile telephone. The mobile telephone uses number 44 and the IMSI and Ki values stored in the mobile telephone to generate response value 50 as a signal response to number 44. The mobile telephone then constructs SMS message 54, incorporating response value 50 and identifier 52.

In a sixth step 74, the mobile telephone transmits SMS message 54 to BSS 34.

In a final step 76, BSS 34 conveys SMS message 54 to MSC 40, which identifies the SMS message, from identifier 52, as a response to authentication SMS message 48. MSC 40 then recovers response value 50 from message 54 as a signal response and compares the recovered value with the expected value of SRES received from HLR 38 in second step 64. If the two signal responses match, MSC 40 authenticates the mobile telephone; if the responses do not match, the mobile telephone is not authenticated.

It will be appreciated that the above description with reference to FIGS. 2 and 3 applies to substantially any mobile transceiver operating in a cellular communications network, wherein the transceiver is able to transmit and receive SMS messages. Thus, the scope of the present invention is not limited to any specific protocol or method utilized by the transceiver and/or the network.
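The exchange of steps 62 to 76, with both sides' messages, as an added example that is not part of the patent text. The identifier strings `AUTHREQ` and `AUTHRSP`, the colon-separated hex encoding, the sample IMSI and key, and HMAC-SHA256 standing in for the handset's authentication algorithm are all assumptions, since the patent specifies none of them; the single-use handling of a pending challenge and the constant-time comparison are likewise additions.

```python
import hashlib
import hmac
import secrets
import string

# Assumed, not defined by the patent: identifier strings and message encoding.
FWD_ID = "AUTHREQ"   # plays the role of identifier 46 (forward message 48)
REV_ID = "AUTHRSP"   # plays the role of identifier 52 (return message 54)
SMS_MAX_CHARS = 128  # approximate SMS capacity stated in the description
# (RAND bits, response bits) per protocol, as given in the Background section.
SIZES = {"GSM": (128, 32), "CDMA": (32, 18)}


def compute_response(ki, rand, resp_bits):
    """Stand-in for the authentication algorithm: f(RAND, Ki), top resp_bits bits."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - resp_bits)


def encode(identifier, proto, value, bits):
    """Build the SMS text: identifier, protocol tag, value as fixed-width hex."""
    text = f"{identifier}:{proto}:{value:0{(bits + 3) // 4}x}"
    if len(text) > SMS_MAX_CHARS:
        raise ValueError("message does not fit in one SMS")
    return text


def decode(text, identifier, field):
    """Return (proto, value), or None if text is not a well-formed message.

    field selects which size applies: 0 for RAND, 1 for the response.
    """
    parts = text.split(":")
    if len(parts) != 3 or parts[0] != identifier or parts[1] not in SIZES:
        return None
    bits = SIZES[parts[1]][field]
    digits = parts[2]
    if len(digits) != (bits + 3) // 4:
        return None
    if any(c not in string.hexdigits for c in digits):
        return None
    value = int(digits, 16)
    return None if value >> bits else (parts[1], value)


class Handset:
    """Mobile telephone side (steps 70 and 74)."""

    def __init__(self, ki):
        self.ki = ki

    def handle_sms(self, text):
        request = decode(text, FWD_ID, 0)
        if request is None:
            return None  # ordinary SMS, not an authentication request
        proto, rand = request
        rand_bits, resp_bits = SIZES[proto]
        resp = compute_response(self.ki, rand.to_bytes(rand_bits // 8, "big"), resp_bits)
        return encode(REV_ID, proto, resp, resp_bits)


class NetworkControlCenter:
    """Network side (steps 62 to 68 and 76), AUC/HLR/MSC roles collapsed into one."""

    def __init__(self, subscribers):
        self.subscribers = subscribers  # IMSI -> Ki
        self.pending = {}               # IMSI -> (proto, expected response)

    def challenge(self, imsi, proto):
        rand_bits, resp_bits = SIZES[proto]
        rand = secrets.randbits(rand_bits)
        ki = self.subscribers[imsi]
        expected = compute_response(ki, rand.to_bytes(rand_bits // 8, "big"), resp_bits)
        self.pending[imsi] = (proto, expected)
        return encode(FWD_ID, proto, rand, rand_bits)

    def verify(self, imsi, text):
        # Consume the challenge first, so each RAND gets exactly one attempt
        # and a captured return message cannot be replayed.
        pending = self.pending.pop(imsi, None)
        reply = decode(text, REV_ID, 1)
        if pending is None or reply is None or reply[0] != pending[0]:
            return False
        return hmac.compare_digest(reply[1].to_bytes(4, "big"),
                                   pending[1].to_bytes(4, "big"))


if __name__ == "__main__":
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    imsi = "001010123456789"                                # constructed sample IMSI
    ncc, phone = NetworkControlCenter({imsi: ki}), Handset(ki)
    for proto in SIZES:
        forward = ncc.challenge(imsi, proto)
        ret = phone.handle_sms(forward)
        print(forward, "->", ret, "->", ncc.verify(imsi, ret))
```

The same code path carries a 128-bit challenge with a 32-bit response and a 32-bit challenge with an 18-bit response, which is the size independence the description attributes to using SMS as the carrier.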

In other preferred embodiments of the present invention, in which BSS 34 and mobile telephone 32 are able to communicate via a spread spectrum system such as a code division multiple access (CDMA) system, messages 48 and 54 (FIG. 2) comprise short data burst messages. Data burst messages are described and characterized in TIA/EIA/IS-2000-A-1, referred to in the Background of the Invention. The data burst message is preferably implemented according to one of the pre-defined types incorporated in the standard, or alternatively via a custom-defined type. If messages 48 and 54 are in the form of data burst messages, then in sixth step 74 and final step 76, BSS 34 identifies the data burst message as an authentication response, recovers response value 50, and provides the value to MSC 40. The MSC then performs the comparison between the recovered value and the expected value of SRES.

By incorporating the random authentication number and the response into SMS or data burst messages, the size limitations on the number and the response are avoided. The size limits, that is, the respective numbers of bits of the random authentication number and its response, are usually defined by a specific protocol. Using SMS or data burst messages as the delivery system thus enables a mobile telephone to be authenticated under a variety of different protocols without modifying the software or hardware of the mobile telephone.

It will be appreciated that the preferred embodiments described above are cited by way of example, and that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention includes both combinations and subcombinations of the various features described hereinabove, as well as variations and modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not disclosed in the prior art.

Description of Reference Numerals

10, 30: cellular network
12, 32: mobile telephone
16, 40: mobile switching center
14, 34: base station system
18, 36: authentication center
20, 44: authentication number
22: authentication packet
29, 38: home location register
24, 50: response value
26: authentication response packet
28, 42: short message service center
35: circuitry
37: network control center
48, 54: message
46, 52: identifier
31: replaceable element
33: memory

Claims

200303147 拾、申請專利範圍 1 . 一種用於使行動電話能夠於通訊網路内操作之方法,其 包括: 產生一隨機鑑認號碼以及該隨機鑑認號碼之一期待 回應; 傳輸結合該隨機鑑認號碼之一轉送短訊服務(SMS)訊 息至該行動電話; 在行動電話回應該隨機鑑認號碼而產生一鑑認回應; 由該行動電話接收結合該鑑認回應之一回傳S M S訊 息; 執行介於該回傳SMS訊息之鑑認回應與該期待回應 之間之一比較;以及 回應該比較以鑑認該行動電話以在通訊網路内操作。 2 .如申請專利範圍第1項之方法,其中該行動電話被調適 為於複數個不同通訊協定内可操作。 3 .如申請專利範圍第2項之方法,其中該鑑認號碼包括一 隨機鑑認號碼大小與該期待回應以及該鑑認回應各包 括一期待之回應大小,以及其中該隨機鑑認號碼大小與 該期待之回應大小具有包括於複數個協定内之可回應 之個別協定之值。 4.如申請專利範圍第1項之方法,其包括: 結合一適用之前向識別符於該轉送SMS内以使該行 動電話能夠認知該轉送SMS訊息為一鑑認請求;以及 該行動電話結合一反向識別符於該回傳SMS訊息内 200303147200303147 Patent application scope 1. A method for enabling a mobile phone to operate in a communication network, comprising: generating a random authentication number and expecting a response from one of the random authentication numbers; transmitting and combining the random authentication number One sends a short message service (SMS) message to the mobile phone; the mobile phone responds to a random authentication number to generate an authentication response; the mobile phone receives an SMS message back in conjunction with one of the authentication responses; A comparison between the authentication response of the returned SMS message and the expected response; and a response comparison to authenticate the mobile phone for operation within the communication network. 2. The method of claim 1 in which the mobile phone is adapted to be operable in a plurality of different communication protocols. 3. The method according to item 2 of the scope of patent application, wherein the authentication number includes a random authentication number size and the expected response, and the authentication response each includes an expected response size, and wherein the random authentication number size and The expected response size has the value of individual agreements that can be responded to included in the multiple agreements. 4. 
The method of claim 1 in the scope of patent application, which comprises: combining a prior identifier in the forwarding SMS so that the mobile phone can recognize the forwarding SMS message as an authentication request; and combining the mobile phone with an Reverse identifier in the returned SMS message 200303147 ,以致於該回傳SMS訊息被認知為一鑑認回答。 5 . —種用於使一行動電話能夠於一通訊網路内操作之裝 置,其包括: 一網路控制中心,其適用於: 產生一隨機鑑認號碼以及該隨機鑑認號碼之一期待 回應, 結合該隨機鑑認號碼至一轉送短訊服務(SMS)訊息内 ,以及 傳輸該轉送SMS訊息至該行動電話;以及 電路,被包括於該行動電話内,其被調適為: 回應該隨機鑑認號碼而產生一鑑認回應, 結合該鑑認回應於一回傳SMS訊息内,以及 傳輸該回傳SMS訊息至該網路控制中心, 該網路控制中心尚被調適為執行介於該鑑認回應與 該期待回應之間之一比較;以及回應該比較以鑑認該行 動電話於該通訊網路内操作。 6 .如申請專利範圍第5項之裝置,其中該網路控制中心包 括一基地台(BSS)、一行動交換中心(MSC)以及一鑑認中 心(AUC)其中之至少一裝置。 7.如申請專利範圍第5項之裝置,其中該電路被調適為於 複數個不同通訊協定内操作該行動電話。 8 .如申請專利範圍第7項之裝置,其中該隨機鑑認號碼包 200303147, So that the returned SMS message is recognized as an authentication response. 5. A device for enabling a mobile phone to operate in a communication network, comprising: a network control center, which is adapted to: generate a random authentication number and expect one of the random authentication numbers, Combining the random authentication number into a forwarding short message service (SMS) message, and transmitting the forwarding SMS message to the mobile phone; and a circuit included in the mobile phone, which is adapted to: respond to random authentication An authentication response is generated from the number, combined with the authentication response in a backhaul SMS message, and transmitting the backhaul SMS message to the network control center, the network control center is still adapted to perform the authentication between A comparison between the response and the expected response; and a response comparison to identify the mobile phone operating within the communication network. 6. The device according to item 5 of the patent application, wherein the network control center includes at least one of a base station (BSS), a mobile switching center (MSC), and an authentication center (AUC). 7. 
The device of claim 5 in which the circuit is adapted to operate the mobile phone within a plurality of different communication protocols.

8. The device of claim 7, wherein the random authentication number comprises [...] size and the expected response size have values responsive to respective protocols included in the plurality of protocols.

9. The device of claim 5, wherein the network control center is adapted to incorporate in the forward SMS message a forward identifier enabling the circuit to recognize the forward SMS message as an authentication request, and wherein the circuit is adapted to incorporate in the return SMS message a reverse identifier enabling the network control center to recognize the return SMS message as an authentication answer.

10. A method for enabling a mobile phone to operate in a communication network adapted to transmit and receive data burst messages, comprising: generating a random authentication number and an expected response to the random authentication number; transmitting a forward data burst message incorporating the random authentication number to the mobile phone; generating at the mobile phone, responsive to the random authentication number, an authentication response; receiving from the mobile phone a return data burst message incorporating the authentication response; performing a comparison between the authentication response in the return data burst message and the expected response; and authenticating the mobile phone to operate in the communication network responsive to the comparison.

11. A device for enabling a mobile phone to operate in a communication network adapted to transmit and receive data burst messages, comprising: a network control center adapted to: generate a random authentication number and an expected response to the random authentication number, incorporate the random authentication number in a forward data burst message, and transmit the forward data burst message to the mobile phone; and a circuit, included in the mobile phone, adapted to: generate an authentication response responsive to the random authentication number, incorporate the authentication response in a return data burst message, and transmit the return data burst message to the network control center, the network control center being further adapted to perform a comparison between the authentication response and the expected response, and to authenticate the mobile phone to operate in the communication network responsive to the comparison.

12. A device for enabling a mobile phone to operate in a communication network, comprising: a network control device adapted to: generate a random authentication number and an expected response to the random authentication number, incorporate the random authentication number in a forward short message service (SMS) message, and transmit the forward SMS message to the mobile phone; and a circuit device, included in the mobile phone, adapted to: generate an authentication response responsive to the random authentication number, incorporate the authentication response in a return SMS message, and transmit the return SMS message to the network control device, the network control device being further adapted to perform a comparison between the authentication response and the expected response, and to authenticate the mobile phone to operate in the communication network responsive to the comparison.

13. The device of claim 12, wherein the circuit device is adapted to operate the mobile phone within a plurality of different communication protocols.

14. The device of claim 13, wherein the random authentication number comprises a random authentication number size, and the expected response and the authentication response each comprise an expected response size, and wherein the random authentication number size and the expected response size have values responsive to respective protocols included in the plurality of protocols.

15. The device of claim 12, wherein the network control device is adapted to incorporate in the forward SMS message a forward identifier enabling the circuit to recognize the forward SMS message as an authentication request, and wherein the circuit is adapted to incorporate in the return SMS message a reverse identifier enabling the network control center to recognize the return SMS message as an authentication answer.
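The exchange recited in claims 9 to 15, as an added Python example that is not part of the patent: the control center issues a single-use challenge in a forward message, the handset answers in a return message, and the center compares the answer with the expected response. The identifier bytes, the per-protocol sizes, the 30-second lifetime and the truncated HMAC-SHA256 standing in for the network's real authentication algorithm are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumed values, not taken from the patent.
FWD_ID, REV_ID = b"\xA1", b"\xA2"         # forward / reverse identifiers
SIZES = {"GSM": (16, 4), "CDMA": (4, 3)}  # protocol -> (challenge, response) bytes, illustrative
TTL = 30.0                                # seconds a challenge stays valid


def response(key: bytes, rand: bytes, n: int) -> bytes:
    """Stand-in for the real algorithm: HMAC-SHA256 truncated to n bytes."""
    return hmac.new(key, rand, hashlib.sha256).digest()[:n]


class ControlCenter:
    def __init__(self, keys):
        self.keys = keys      # subscriber id -> shared secret
        self.pending = {}     # subscriber id -> (expected response, deadline)

    def challenge(self, sub: str, proto: str, now=None) -> bytes:
        now = time.monotonic() if now is None else now
        rand_len, resp_len = SIZES[proto]
        rand = secrets.token_bytes(rand_len)
        self.pending[sub] = (response(self.keys[sub], rand, resp_len), now + TTL)
        return FWD_ID + rand  # payload of the forward message

    def verify(self, sub: str, payload: bytes, now=None) -> bool:
        now = time.monotonic() if now is None else now
        # pop() makes every challenge single use, so a replayed answer fails.
        expected, deadline = self.pending.pop(sub, (None, 0.0))
        if expected is None or now > deadline or payload[:1] != REV_ID:
            return False
        return hmac.compare_digest(payload[1:], expected)  # constant-time compare


class Handset:
    def __init__(self, key: bytes, proto: str):
        self.key, self.proto = key, proto

    def on_message(self, payload: bytes):
        rand_len, resp_len = SIZES[self.proto]
        if payload[:1] != FWD_ID or len(payload) != 1 + rand_len:
            return None       # ordinary message, not an authentication request
        return REV_ID + response(self.key, payload[1:], resp_len)
```

A wrong or late answer consumes the pending challenge, so the center has to issue a fresh random number before the handset can try again.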
TW91133952A 2001-11-21 2002-11-21 Authentication of a mobile telephone TW200303147A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US33211701P 2001-11-21 2001-11-21

Publications (1)

Publication Number Publication Date
TW200303147A true TW200303147A (en) 2003-08-16

Family

ID=51660889

Family Applications (1)

Application Number Title Priority Date Filing Date
TW91133952A TW200303147A (en) 2001-11-21 2002-11-21 Authentication of a mobile telephone

Country Status (1)

Country Link
TW (1) TW200303147A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8073426B2 (en) 2005-02-01 2011-12-06 NTT Docomo, Inc. Authentication vector generation device, subscriber identity module, wireless communication system, authentication vector generation method, calculation method, and subscriber authentication method

