Communication method and communication system
US-2024422539-A1 · Dec 19, 2024 · US
US9668129B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9668129-B2 |
| Application number | US-201113823580-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 14, 2011 |
| Priority date | Sep 14, 2010 |
| Publication date | May 30, 2017 |
| Grant date | May 30, 2017 |
Official abstract text for this publication.
To allow devices to authenticate to a wide area mobile network when they temporarily do not have a connection to a SIM card and to authenticate the base station and so protect against false base stations, a system is provided where certain authentication credentials are pre-fetched while connection to the SIM card and the authentication subsystem of the wide area mobile network are in signaling connection. These advance credentials are then presented by the devices in authentication requests without requiring access via the mobile network or the connected presence of the SIM card being necessary for successful authentication.
Opening claim text (preview).
The invention claimed is:
1. A system having one or more entities, each entity having a processor and physical storage for facilitating authentication of at least one machine device with a wireless access network, the system comprising: a physical authentication storage device, that provides authentication information to other entities of the system during authentication processes; at least one machine device connected to a wireless access network and having a communication interface with the authentication storage device, such that the at least one machine device has a non-continuous connection with the authentication storage device, the authentication storage device providing the authentication information to the at least one machine device while connected to the at least one machine device, the authentication information including a hash pre-image of a random value, the hash pre-image allowing the machine device to determine the correctness of the pre-image by hashing the pre-image random value, and further allows the machine device to determine that the pre-image was issued by a valid base station; and a core network, that provides the at least one machine device with advance data, where the advance data is used by the one least one machine device to obtain the authentication information from the authentication storage device in advance of a subsequent authentication process of the said at least one machine device with the wireless access network, the subsequent authentication process occurring when the at least one machine device is not connected to the authentication storage device such that the subsequent authentication process is not dependent upon the at least one machine device having a current connection with the authentication storage device.
2. A system as claimed in claim 1, wherein the advance data is communicated to the authentication storage device while the authentication storage device is in signaling connection with the wireless access network.
3. A system as claimed in claim 2, further including a challenging node that is used by the at least one machine device to connect to the wireless access network, the challenging node being in signaling communication with the wireless access network, the challenging node: obtaining authentication vectors for the at least one machine device; and comparing the authentication vectors obtained with advance data presented by the at least one machine device.
4. A system as claimed in claim 3, wherein the authentication vectors obtained by the challenge node include a substantially random number uniquely assigned to the at least one machine device and matching a substantially random number included within the advance data.
5. A system as claimed in claim 3, wherein the authentication vectors obtained by the challenge node include a hash of a substantially random number uniquely assigned to the at least one machine device and matching a substantially random number included within the advance data, the system further including a device for generating a hash of a substantially random number included within the advance data.
6. A method for facilitating authentication at least one machine device over one or more wireless access networks, the at least one machine device being associated with an authentication storage means via a non-continuous connection, the method comprising: providing the at least one machine device with advance data while the at least one machine device is in signaling connection with the wireless access network; having the at least one machine device use the advance data to obtain authentication information form the authentication storage means in advance of an authentication process with a core network of the wireless access network, the authentication storage means providing the authentication information to the at least one device while connected to the at least one machine device, the authentication information including a hash pre-image of a random value, the hash pre-image allowing the machine device to determine the correctness of the pre-image by hashing the pre-image random value, and further allows the machine device to determine that the pre-image was issued by a valid base station; and subsequently, authenticating said at least one machine device with the core network of the wireless access network, such that the subsequent authentication is not dependent upon the at least one machine device having a current connection with the authentication storage means, the subsequent authentication occurring when the at least one machine device is not connected to the authentication storage.
7. A method as claimed in claim 6, further including communicating the advance data to the authentication storage means while the authentication storage means is in signaling connection with the wireless access network.
8. A method as claimed in claim 7, further including the at least one machine device connecting to the wireless access network via a challenging node the challenging node: being in signaling communication with the wireless access network; obtaining authentication vectors for the at least one machine device; and comparing the authentication vectors obtained with advance presented by the at least one machine device.
9. A method as claimed in claim 8, wherein the authentication vectors obtained by the challenging node include a substantially random number uniquely assigned to the at least one machine device, the method further comprising: matching a substantially random number included in the advance data.
10. A method as claimed in claim 8, wherein the authentication vectors obtained by the challenging node include a hash of a substantially random number uniquely assigned to the at least one machine device, the method further comprising: matching a substantially random number included in the advance data; and generating a hash of a substantially random number included within the advance data.
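A simplified model of the hash pre-image checks the claims describe, added here as an illustration and not taken from the patent. SHA-256, all class and function names, and the assignment of which party stores the hash and which reveals the pre-image are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def h(value: bytes) -> bytes:
    """Hash used for every commitment (SHA-256 is an assumption)."""
    return hashlib.sha256(value).digest()

@dataclass(frozen=True)
class AdvanceData:
    """Pre-fetched by the device while the SIM and network are reachable."""
    device_random: bytes       # random number assigned to this device
    station_commitment: bytes  # hash whose pre-image a valid station can reveal

@dataclass(frozen=True)
class AuthVector:
    """Obtained by the challenging node from the core network."""
    device_random_hash: bytes  # hashed variant (claims 5 and 10)
    station_preimage: bytes    # revealed to the device during authentication

def issue_credentials() -> tuple[AdvanceData, AuthVector]:
    """Core network side: create matching advance data and vector."""
    device_random = secrets.token_bytes(32)
    station_preimage = secrets.token_bytes(32)
    return (AdvanceData(device_random, h(station_preimage)),
            AuthVector(h(device_random), station_preimage))

def node_accepts_device(vector: AuthVector, presented: bytes) -> bool:
    """Challenging node: hash the presented number, compare in constant time."""
    return hmac.compare_digest(h(presented), vector.device_random_hash)

def device_accepts_station(advance: AdvanceData, revealed: bytes) -> bool:
    """Device: hash the revealed pre-image, compare with the stored hash."""
    return hmac.compare_digest(h(revealed), advance.station_commitment)

def authenticate_without_sim(advance: AdvanceData, vector: AuthVector) -> bool:
    """Both checks, run with no authentication storage device attached."""
    return (node_accepts_device(vector, advance.device_random)
            and device_accepts_station(advance, vector.station_preimage))

if __name__ == "__main__":
    advance, vector = issue_credentials()
    print("genuine station:", authenticate_without_sim(advance, vector))
    print("false station:", device_accepts_station(advance, secrets.token_bytes(32)))
```

In this model a base station that never received the vector from the core network cannot produce a value that hashes to the stored commitment, so the device rejects it.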
Authentication · CPC title
using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title
Detection or prevention of fraud · CPC title
Key distribution or pre-distribution; Key agreement · CPC title