[go: up one dir, main page]

WO2003036867A1 - System and method for performing mutual authentication between mobile terminal and server - Google Patents

System and method for performing mutual authentication between mobile terminal and server Download PDF

Info

Publication number
WO2003036867A1
WO2003036867A1 PCT/KR2002/001991 KR0201991W WO03036867A1 WO 2003036867 A1 WO2003036867 A1 WO 2003036867A1 KR 0201991 W KR0201991 W KR 0201991W WO 03036867 A1 WO03036867 A1 WO 03036867A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
authentication key
terminal
authentication
bits
Prior art date
Application number
PCT/KR2002/001991
Other languages
French (fr)
Other versions
WO2003036867B1 (en
Inventor
Byung-Ik Ahn
Chan-Ho Yun
Yuon-Pil Jeung
Chan-Min Park
Sang-Woo Han
Original Assignee
Ktfreetel Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR10-2001-0066359A external-priority patent/KR100462044B1/en
Priority claimed from KR10-2002-0028432A external-priority patent/KR100449572B1/en
Application filed by Ktfreetel Co., Ltd. filed Critical Ktfreetel Co., Ltd.
Publication of WO2003036867A1 publication Critical patent/WO2003036867A1/en
Publication of WO2003036867B1 publication Critical patent/WO2003036867B1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/71Hardware identity

Definitions

  • the present invention relates to a mutual authentication method and a system between a mobile terminal and a server, and more particularly, a method and a system performing the mutual authentication in the mobile terminal and the server to transmit data securely.
  • the mobile communication system contains an HLR (Home Location Register) for managing the entire information of the mobile terminal, a NLR (Visitor Location Register) for managing information of the mobile terminal coming into the service area, an MSC (Mobile Switching Center) for establishing and managing a voice path or a non-voice path with a connection to the HLR and NLR, and an AC (Authentication Center) for performing the authentication with the terminal.
  • HLR Home Location Register
  • NLR Visitor Location Register
  • MSC Mobile Switching Center
  • AC Authentication Center
  • the mobile communication service currently being used has some problems to authenticate proper subscribers, or in the proprietary checking process of the transmission server.
  • various methods such as an application of SMS or data PUSH service are used.
  • the mutual authentication of the terminal and the transmission server is needed according to the separation of a conventional voice network and a data network.
  • ESN Electronic Serial Number
  • the Electronic Serial Number indicates a peculiar code number assigned to each terminal by which the terminal manufacturer informs the mobile communication service provider every time completion of terminal production occurs, and scrambling is defined as disturbing a signal or a call in order not to be decoded when the signal or call is received by someone other than the proper receiver.
  • a device exists to receive an image or data from the communication satellite, anyone can receive it; however, when the image or data is provided on a fee basis or confidential data of a company is transmitted, then reception of the data by only an individual who has a device to encode/decode the transmitted signal is required.
  • the signal has to be encoded/disturbed, i.e., "scrambled".
  • the long code scrambling by the traffic channel can protect only a PPP session in IWF (Inter- Working Function) or PSDN (Packet Data Service Node), so it is still difficult to restrict bad faith usage originating from unauthorized servers or terminals to the open environment of an IP network.
  • IWF Inter- Working Function
  • PSDN Packet Data Service Node
  • IP address pools are assigned a MIN (Mobile Identification Number) or ESN
  • the non-regular IP addresses of an IP address pool are not regularly assigned a MIN (Mobile Identification Number) or ESN; that is, they are randomly assigned whenever there is a request for an IP address, so the relationship between an IP address and the MIN/ESN does not exist any more.
  • the object of the present invention is to provide a mutual authentication method and a system between a mobile terminal and a server, in which data are securely transmitted by allowing the mobile terminal and the server to mutually authenticate the result value that is generated by use of ESN of the mobile terminal and a random number.
  • another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which can reduce the overall content of additional data for authentication by treating authentication information as additional fields of the data packet to simplify the authentication process.
  • another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which actively restrict bad faith improper conduct of a third party by encoding the authentication information and performing the mutual authentication process between the mobile terminal and the mobile communication system.
  • another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which maintain a stable mobile communication system by establishing a trend for equitable mobile service use, for example, by restricting and prohibiting the illegal use of the mobile service so that the normal customers need not pay a corresponding surcharge to make up the lost revenue.
  • Another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which generate a plurality of authentication keys by the use of one preliminary authentication key.
  • Another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which perform a plurality of authentication processes corresponding to the plurality of authentication keys.
  • method comprising the steps of receiving an input of a transmission request for data from the user; self -producing a random number in the mobile terminal according to a predetermined method; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; extracting a terminal authentication key included within a predetermined region of the authentication information produced; and transmitting the data, the random number, and the terminal authentication key to the data transmission server.
  • system and computer readable medium comprising the steps of receiving an input of a transmission request for data from the user; self -producing a random number in the mobile terminal according to a predetermined method; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; extracting a terminal authentication key included within a predetermined region of the authentication information produced; and transmitting the data, the random number, and the terminal authentication key to the data transmission server.
  • the particular information of the mobile terminal is one among a group consisting of an ESN(Electronic Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A- key(Authentication key) used in CDMA network for authentication, an SSD(Shared Secret Data), and a secret number registered by the user.
  • the step of transmitting the data, the random number, and the terminal authentication key to the data transmission server is the step of transmitting the data, the random number, and the terminal authentication key to the data transmission server after converting them into a predetermined format.
  • method comprising the steps of receiving data, a random number, and a terminal authentication key from the mobile terminal; extracting particular information of the mobile terminal stored in advance; producing authentication information by a predetermined authentication information generation algorithm using the random number and the particular information of the mobile terminal as inputs; extracting a server authentication key included within a predetermined region of the produced authentication information; and performing an operation corresponding to the purpose of the data when the terminal authentication key coincides with the server authentication key.
  • system and computer readable medium comprising the steps of receiving data, a random number, and a terminal authentication key from the mobile terminal; extracting particular information of the mobile terminal stored in advance; producing authentication information by a predetermined authentication information generation algorithm using the random number and the particular information of the mobile terminal as inputs; extracting a server authentication key included within a predetermined region of the produced authentication information; and performing an operation corresponding to the purpose of the data when the terminal authentication key coincides with the server authentication key.
  • method comprising the steps of registering data to be transmitted to the mobile terminal; self-producing a random number accordmg to a predetermined method; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile P T/KR02/01991
  • the step of transmitting the data transmission waiting data, the random number, and the first server authentication key to the mobile terminal is the step of transmitting the data transmission waiting data, the random number, and the first server authentication key to the mobile terminal after converting them into a predetermined format.
  • method comprising the steps of receiving data transmission waiting data, a random number, and a server authentication key from the data transmission server; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; extracting a first terminal authentication key included within a first region that is selected from at least one predetermined region of the authentication information; inspecting whether or not the first terminal authentication key coincides with the server authentication key; extracting a second terminal authentication key included within a second region that is selected from at least one predetermined region of the authentication information if the first terminal authentication key coincides with the server authentication key; transmitting the second terminal authentication key and a transmission request for the data corresponding to the data transmission waiting data to the data transmission server through a network; and receiving the data from the data transmission server through the network.
  • system and computer readable medium comprising the steps of receiving a first server authentication request comprising a server random number and a first server authentication key from the transmission server; producing a second server authentication key by the use of the server random number and particular information corresponding to the mobile terminal; authenticating firstly the transmission server by the use of the first server authentication key and the second server authentication key; producing a first terminal authentication key by the use of a terminal random number produced by the mobile terminal and the particular information corresponding to the mobile terminal; transmitting a terminal authentication request comprising the terminal random number and the first terminal authentication key to the transmission server; receiving a second server authentication request comprising a third server authentication key produced by the use of the terminal random number and the particular information from the transmission server; producing a fourth server authentication key by the use of the terminal random number and the particular information; and authenticating secondly the transmission server by the use of the third server authentication key and the fourth server authentication key.
  • a first server authentication request comprising a server random number and a first server authentication key from the transmission server
  • producing a second server authentication key by
  • the particular information is one selected from a group consisting of an ESN(Electronic Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A-key (Authentication key) used in CDMA network for authentication, a SSD(Shared Secret Data), and a secret number registered by the user.
  • ESN Electronic Serial Number
  • MIN Mobile Identification Number
  • NAM Number Assignment Module
  • A-key Authentication key used in CDMA network for authentication
  • SSD Shared Secret Data
  • the transmission server authenticates the mobile terminal by the use of the first terminal authentication key and a second terminal authentication key produced by the transmission server.
  • the transmission server produces the first server authentication key by the steps of: producing the server random number; extracting the particular information from a database connected to the transmission server; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the second terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
  • the second server authentication key is produced by the steps of: extracting the server random number from the first server authentication request; extracting the particular information stored in a storage of the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key accordmg to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the first terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
  • the transmission server produces the third server authentication key by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits.
  • the fourth server authentication key is produced by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherem the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits.
  • the first server authentication request further comprises data location information
  • the terminal authentication request further comprises data location information
  • the second server authentication request further comprises data.
  • method comprising the steps of producing a first server authentication key by the use of a server random number and particular information corresponding to the mobile terminal; producing a first server authentication request comprising the server random number and the first server authentication key; transmitting the first server authentication request to the mobile terminal; receiving a terminal authentication request from the mobile terminal; producing a second terminal authentication key by the use of the first server authentication key; authenticating the mobile terminal by the use of the first terminal authentication key and the second terminal authentication key; producing a third server authentication key by the use of the terminal random number and the particular information; transmitting a second server authentication request comprising the third server authentication key to the mobile terminal.
  • system and computer readable medium Accordmg to another aspect of this invention, there are provided system and computer readable medium.
  • the particular information is one selected from a group consisting of an ESN(Electronic Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A-key(Authentication key) used in CDMA network for authentication, a SSD(Shared Secret Data), and a secret number registered by the user.
  • the mobile terminal authenticates the transmission server by the use of the first server authentication key included in the first server authentication request and a second server authentication key produced by the mobile terminal.
  • the terminal authentication request comprises a terminal random number produced by the mobile terminal and a first terminal authentication key.
  • the mobile terminal secondly authenticates the transmission server by the use of the third server authentication key included in the second server authentication request and a fourth server authentication key produced by the mobile terminal.
  • the first server authentication key is produced by the steps of: producing the server random number; extracting the particular information from a database connected to the transmission server; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the second terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
  • the mobile terminal produces the second server authentication key by the steps of: extracting the server random number from the first server authentication request; extractmg the particular information stored in a storage of the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the first terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
  • the third server authentication key is produced by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits.
  • the mobile terminal produces the fourth server authentication key by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extractmg n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits.
  • the first server authentication request further comprises data location information
  • the terminal authentication request further comprises data location information
  • the second server authentication request further comprises data.
  • method comprising the steps of producing a random number; extracting particular information corresponding to the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the random number and the particular information; producing a first terminal authentication key by extracting n bits from the preliminary authentication key according to a predetermined method; and producing a second terminal authentication key by extracting n bits that are not included within the first terminal authentication key from the preliminary authentication key, wherein the two terminal authentication keys are produced from one preliminary authentication key.
  • system and computer readable medium comprising the steps of producing a random number; extracting particular information corresponding to the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the random number and the particular information; producing a first terminal authentication key by extracting n bits from the preliminary authentication key according to a predetermined method; and producing a second terminal authentication key by extracting n bits that are not included within the first terminal authentication key from the preliminary authentication key, wherein the two terminal authentication keys are produced from one preliminary authentication key.
  • system and computer readable medium comprising the steps of producing
  • FIG. 1 is a block diagram of the secure data transmission system between a data transmission server and the mobile terminal according to the preferred embodiment of the present invention.
  • FIG. 2 is a block diagram of the authentication center according to the preferred embodiment of the present invention.
  • FIG. 3 is a flowchart of the secure data transmission method when data is transmitted from the mobile terminal according to the preferred embodiment of the present invention.
  • FIG. 4A illustrates an authentication information generating algorithm according to the preferred embodiment of the present invention.
  • FIG. 4B illustrates the authentication information generation result according to the preferred embodiment of the present invention.
  • FIG. 5 is a flowchart of the secure data transmission method when data are transmitted from the mobile communication system according to the preferred embodiment of the present invention.
  • FIG. 6 is a block diagram of the secure data transmission system according to another preferred embodiment of the present invention.
  • FIG. 7 is a flowchart showing the method for producing an authentication key according to another preferred embodiment of the present invention.
  • FIG. 8A is a flowchart showing the entire method for mutual authentication when the transmission server transmits data to the terminal according to another preferred embodiment of the present invention.
  • FIG. 8B is a flowchart showing the first server authentication process during data transmission from the server according to another preferred embodiment of the present invention.
  • FIG. 8C is a flowchart showing the terminal authentication process during data transmission from the server according to another preferred embodiment of the present invention.
  • FIG. 8C is a flowchart showing the terminal authentication process during data transmission from the server according to another preferred embodiment of the present invention.
  • FIG. 9A shows several types of authentication keys according to the present invention.
  • FIG. 9B is a block diagram of the first preliminary authentication key and the second preliminary authentication key according to another preferred embodiment of the present invention.
  • FIG. 9C is a block diagram of the third preliminary authentication key and the fourth preliminary authentication key according to another preferred embodiment of the present invention.
  • FIG. 10 a flowchart showing the method for mutual authentication during the data transmission from the terminal according to another preferred embodiment of the present invention.
  • FIG. 11A shows the first server authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
  • FIG. 11B shows the terminal authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
  • FIG. 11C shows the second server authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
  • FIG. 11D shows the terminal authentication request signal during data transmission from the terminal according to another preferred embodiment of the present invention.
  • FIG. 12A shows the process of generating the authentication information in a CDMA network according to still another preferred embodiment of the present invention.
  • FIG. 12B shows the process of generating the authentication value in a CDMA network according to still another preferred embodiment of the present invention.
  • FIG. 13 is a flowchart showing the authentication process in the mobile communication system during the data transmission from the mobile terminal according to still another embodiment of the present invention.
  • FIG. 14 is a flowchart showing the authentication process in the mobile communication system during the data transmission from the mobile communication system according to still another embodiment of the present invention.
  • HLR 140 VLR 145: Authentication Center
  • the terminal in accordance with the present invention may be a mobile terminal as well as a communication device such as a PDA (Personal Digital Assistant), which can perform data communication through a network. Furthermore, when any device 02 01991
  • FIG. 1 is a block diagram of the secure data transmission system between a data transmission server and the mobile terminal according to the preferred embodiment of the present invention
  • FIG. 2 is a block diagram of the authentication center according to the preferred embodiment of the present invention.
  • the data transmission system is provided with the mobile terminal 100 and the mobile communication system 110.
  • the mobile communication system 110 is provided with a base transceiver station(BTS) 120, a base station controller(BSC) 125, a mobile switching center(MSC) 130, a home location register(HLR) 135, a visitor location register(VLR) 140, and an authentication center 145.
  • BTS base transceiver station
  • BSC base station controller
  • MSC mobile switching center
  • HLR home location register
  • VLR visitor location register
  • the mobile terminal 100 transmits the predetermined region regarding authentication information that is newly produced for data transmission and a random number that was used for producing the authentication information to BTS 120, the authentication request data (that is, the random number and part of the authentication information) that is received by the BSC 120 is transmitted to MSC 130 through BSC 125.
  • MSC 130 extracts information of the mobile terminal from VLR 140 and the subscriber information corresponding to the mobile terminal from HLR 135. Also the
  • MSC 130 transmits the extracted mobile terminal information (for example, ESN or
  • the authentication center 145 is provided with a communicating part 145, a communicating part 150, a controlling part 155, a random number generation part 160, a converting part 165, and a comparing part 170.
  • the authentication center 145 may be provided with a plurality of separate devices, however, the authentication center 145 preferably is implemented in a form of computer program. Further, the authentication center 145 may be implemented in the same form in the mobile terminal 100.
  • the communicating part 150 When the communicating part 150 receives mobile terminal information and subscriber information and then the authentication request data from MSC 130, the converting part 165 that is under the control of the controlling part 155 produces authentication information by inputting the mobile terminal information and the random number into a predetermined authentication information generation function.
  • the comparing part 170 compares the authentication information produced by the converting part 165 with the authentication information received from MSC 130 to verify their identity, and thus determine whether the mobile terminal 100 is valid or not.
  • the communication part 150 that is under the control of the controlling part 155 transmits the resulting process data to the mobile terminal 100 through the MSC 130 to terminate the authentication process.
  • the converting part 165 may produce the authentication information for the random number generation part 160 to produce a random number.
  • An invalid server can be defined as a server that transmits an advertisement as though it is a credible message (for example, information actually provided by ISP or other subscriber), a server that tries to transmit a virus causing havoc in network access information (for example, a preferred roaming list, a wireless Internet service server address, etc.) to the terminal, etc.
  • an invalid terminal can be defined as a mobile terminal that tries to illegally transfer the service charge to another subscriber, a mobile terminal that tries to steal another subscriber's message by theft of the related storage information, etc.
  • the secure data transmission method between a mobile communication system 110 and the mobile terminal 100 will be described in detail by referring to FIGS. 3-5.
  • FIG. 3 is a flowchart of the secure data transmission method when data is transmitted from the mobile terminal
  • FIG. 4A illustrates an authentication information generating algorithm
  • FIG. 4B illustrates the authentication information generation result, all according to the preferred embodiment of the present invention.
  • the mobile terminal 100 when data (for example, a message, a picture, etc.) is to be transmitted to the mobile communication system 110 or to another mobile terminal/server through the mobile communication system 110, at step 310 the mobile terminal 100 produces a random number(R) according to a predetermined method (for example, a random number generating method, etc.).
  • a predetermined method for example, a random number generating method, etc.
  • the authentication information(S) is produced by the use of the authentication information generating function.
  • FIGS. 4A and 4B the authentication information generating algorithm and the authentication information generation result will be briefly described by referring to FIGS. 4A and 4B.
  • the PcsAuth algorithm as shown in FIG. 4A is shown. Additionally, other algorithms may be used as the authentication information generating algorithm. For convenience of this description, the PcsAuth algorithm in FIG. 4A will be used as an example for describing the present invention.
  • ESN to iO there are five input parameters and four output parameters of 32 bits; however, the ways to input ESN to iO, the arbitrary value to i3, 0 to il, i2, i4, SI to oO, S2 to ol respectively and discard o2 and o3 may be applicable to the present invention.
  • ESN of the mobile terminal 100 is 0x00000000
  • SI and S2 may be acquired according to each random number.
  • a common function that requires the random number(R) and ESN of the mobile terminal as inputs and also generates an output data of 64 bits may be implemented in the mobile terminal 100 and the mobile communication system 110.
  • the mobile terminal 100 extracts the terminal authentication information post-part(S2) from the terminal authentication information(that is, information produced by the mobile terminal 100 at step 315), and at step 325 transmits the extracted terminal authentication information post-part(S2), the random number(R) of step 310, and data to be transmitted to the mobile communication system 110 through the network.
  • the mobile communication system 110 receives the terminal authentication information post-part(S2), the random number(R), and the data to be transmitted. Further, at step 335 the mobile communication system 110 produces the server authentication informations ')(that is, the authentication information produced by the mobile communication system 110) by the use of the random number(R) of step 330.
  • the mobile communication system 110 extracts the post-32 bits as the server authentication information post-part(S2') from the produced server authentication informations'), and at step 345 inspects to determine whether the terminal authentication information post-part(S2) of step 330 and the server authentication information post-part(S2') of step 340 correspond with each other.
  • each authentication information generating algorithm is identical, when ESN stored in the mobile terminal 100 and ESN stored in the mobile communication terminal 110 are identical, then identical authentication information will be produced.
  • step 350 when the terminal authentication information post-part(S2) of step 330 and the server authentication information post- part(S2') of step 340 do not correspond with each other, at step 350 an error message(for example, "Access denied. Try again later", etc.) is transmitted to the mobile terminal 100 through the network.
  • an error message for example, "Access denied. Try again later", etc.
  • the mobile terminal 100 displays the error message on the screen connected to it and terminates the process.
  • step 360 when the terminal authentication information post-part(S2) of step 330 and the server authentication information post- part(S2') of step 340 correspond with each other, at step 360 the resulting message(for example, "Your Request Has Been Normally Performed", etc.) is transmitted to the mobile terminal 100 through network.
  • the mobile terminal 100 displays the resulting message on the screen connected to it and terminates the process.
  • the data or the message of the aforementioned process which is transmitted between the transmission server and the mobile terminal, is transmitted through the long-code scrambled traffic channel, its value cannot be recognized from the outside. Also, because the mobile terminal accesses the transmission server by the use of the address designated by ISP of the mobile communication system, no additional authentication step by the transmission server is necessary.
  • FIG. 5 is a flowchart of the secure data transmission method when data is transmitted from the mobile communication system according to the preferred embodiment of the present invention.
  • the mobile communication system 110 when data(for example, a message, a picture, etc.) is to be transmitted to the mobile terminal 110, at step 510 the mobile communication system 110 produces a random number according to the predetermined method(for example, a random number generating method, etc.).
  • the authentication information(S) is produced by the use of the authentication information generating function. Since the authentication information generating function has been already described above, no further detailed description will be added here.
  • the mobile communication system 110 extracts the terminal authentication information pre-part(Sl) from the server authentication information(that is, information produced by the mobile communication system 110 at step 515), and at step 525 transmits the server authentication information pre-part(Sl), the random number(R) of step 510, and data transmission waiting data indicating that there is data waiting to be received by the mobile terminal 100 through the network
  • the mobile terminal 100 receives the server authentication information pre-part(Sl), the random number(R), and the data transmission waiting data.
  • the mobile terminal 100 produces the terminal authentication informations ')(that is, the authentication information produced by the mobile terminal 100) by the use of the random number(R) of step 530.
  • the mobile terminal 100 extracts the preceding 32 bits as the terminal authentication information pre-part(Sl') from the produced terminal authentication information(S'), and at step 545 inspects whether the server authentication information pre-part(Sl) of step 530 and the terminal authentication information pre-part(Sl') of step 540 correspond with each other. According to the results of step 545, when the server authentication information pre-part(Sl) of step 530 and the terminal authentication information pre-part(Sl') of step 540 do not correspond with each other, then at step 550 an error message(for example, "Access denied. Try again later", etc.) is transmitted to the mobile communication system 110 through the network. At step 555, on receiving the error message the mobile communication system
  • step 545 when the server authentication information pre-part(Sl) and the terminal authentication information pre-part(Sl') correspond with each other, at step 560 the data transmission request and the terminal authentication information post-part(S2') are transmitted to the mobile communication system 110 through the network.
  • the mobile communication system 110 receives the data transmission request and the terminal authentication information post-part(S2'), and thereafter at step 570 extracts the server authentication information post-part(S2) from the server authentication information of step 515.
  • the mobile communication system 110 inspects to determine whether the terminal authentication information post-part(S2') of step 555 and the server authentication information post-part(S2) of step 570 correspond with each other. According to the results of step 575, when the terminal authentication information post- part(S2') and the server authentication information post-part(S2) do not correspond with each other, at step 580 an error message(for example, "Access denied. Try again later", etc.) is transmitted to the mobile terminal 100 through the network. At step 585, on receiving the error message the mobile terminal 100 displays the error message on the screen connected to it and terminates the process.
  • an error message for example, "Access denied. Try again later", etc.
  • step 590 when the terminal authentication information post-part(S2') and the server authentication information post-part(S2) correspond with each other, at step 590 the data/message waiting to be transmitted to the mobile terminal 100 is transmitted to the mobile terminal 100 through the network And at step 595, the mobile terminal 100 receives the data of step 590 and displays the results of the process (for example, "Data Receiving Complete", etc.) or the contents of data/message on the screen connected to it. Because the data or the message of the aforementioned process, which is transmitted between the transmission server and the mobile terminal, is transmitted through the long-code scrambled traffic channel, its value is not recognized outside.
  • the data or the message of the aforementioned process which is transmitted between the transmission server and the mobile terminal, is transmitted through the long-code scrambled traffic channel, its value is not recognized outside.
  • the secure data transmission system and method between the data transmission server and the mobile terminal according to the present invention may be applied to customized data service, etc.
  • the subscriber registers information such as the current stock price of Korea Telecom as required by the subscriber via the mobile terminal 100 or the web server connected to the mobile communication system 110
  • the required information may be transmitted to the subscriber's mobile terminal 100 upon registering each time or at the present time. Since the information will not be disclosed to a third party per the present invention, confidential or personal information can be readily transmitted without limit.
  • FIG. 6 is a block diagram of the secure data transmission system according to another preferred embodiment of the present invention.
  • the mobile terminal 100 is connected to BTS 120, BSC 125, MSC 130, and the transmission server 610.
  • the present invention relates to the authentication method and system for data transmission between the mobile terminal 100 and the transmission server 610.
  • the transmission server 610 may authenticate the mobile terminal 100 by the use of the authentication key(hereinafter, "A-key") included within the authentication request.
  • A-key the authentication key(hereinafter, "A-key" included within the authentication request.
  • the mobile terminal 100 may authenticate the transmission server 610 by the use of the authentication key(hereinafter, "A-key") included within the authentication request.
  • A-key the authentication key
  • A-key included within the authentication request includes
  • the authentication request can be divided into the server authentication request for authenticating the server and the terminal authentication request for authenticating the terminal (See FIG. 9A).
  • the present invention can provide mutual authentication method in which the terminal authentication and the server authentication are performed in one authentication process.
  • the BTS 120 functions to connect the mobile terminal 100 to the transmission server 610 and furthermore may be provided with a communicating part, an antenna, a controller, a data terminal, and a power source.
  • the BSC 125 functions to control a plurality of BTS's connected to the BSC.
  • the MSC 130 connects the mobile terminal 100 to the transmission server 610 corresponding to the authentication request received through BTS 120 and BSC 125.
  • FIG. 7 is a flowchart showing the method for producing A-key according to another preferred embodiment of the present invention.
  • the transmission server and the terminal will produce the A-key according to the present invention respectively. That is, the terminal authenticates the A-key produced by the transmission server, and the transmission server authenticates the A-key produced by the terminal, so stability and the security of the authentication will be enhanced.
  • the method for producing A-key according to the present invention will be described with reference to FIG 7.
  • the terminal or the transmission server produces a random number.
  • the random number is a number of plural digits that are selected from the table of random numbers or a series of numbers, and may be produced by the random number generating part 160.
  • the random number generating part 160 can be implemented with a computer program or hardware for generating a series of random numbers according to the specific conditions.
  • the terminal or the transmission server extracts the ESN.
  • the ESN will be used as the mobile terminal identifier. That is, the method and system for mutual authentication between the mobile terminal and the server may use the random number and the mobile terminal identifier as inputs in order to generate the A-key, and the ESN may be used as the mobile terminal identifier.
  • the 'Mobile terminal identifier' is an identifier assigned to each mobile terminal uniquely, and the ESN may be used as the mobile terminal identifier.
  • the 'ESN' which is different from a manufacturer's serial number, is a number uniquely assigned to each mobile terminal. The manufacturer can register the ESN with the mobile communication company in a country where the mobile terminal is being used. When the subscriber registers the mobile terminal with the mobile communication company or changes the mobile terminal, thereafter the registration or change of terminal is performed by the use of the registered ESN. Since the ESN is a unique number to each mobile terminal and difficult to duplicate, it is preferable to use ESN as the mobile terminal identifier.
  • the terminal can extract ESN stored in the storage device of the terminal, and the transmission server can extract ESN from the ESN administration server connected to the transmission server.
  • the transmission server or the terminal generates a preliminary A-key of 2n bits by the use of the random number and ESN according to the predetermined method.
  • the preliminary A-key can be acquired by entering the random number and ESN into the predetermined function. If the preliminary A-key of 2n can be generated by the use of the random number and ESN, any function will do.
  • the mobile terminal or the transmission server extracts n bits from the preliminary A-key of 2n bits, and at step 720 generates the A-key.
  • a plurality of A-keys can be generated from the preliminary A-key.
  • a plurality of authentication processes corresponding to the plurality of A-keys can be performed. Any method for extracting n bits from 2n bits will suffice.
  • the authentication according to the present invention can be performed a number of times, and according to another preferred embodiment of the present invention the authentication process can be performed three times. That is, the authentication process may comprise the first server authentication, the terminal authentication, and the second server authentication.
  • the entire authentication process will be shown in FIG. 8A, and the first server authentication will be shown in FIG. 8B. Also, the terminal authentication will be shown in FIG. 8C, and the second server authentication will be shown in FIG. 8D. Finally, the A-key generated for authenticating the terminal will be indicated as the terminal A-key, and the A-key generated for authenticating the transmission server will be indicated as the server A- key.
  • FIG. 8A is a flowchart showing the entire method for mutual authentication when the transmission server transmits data to the terminal according to another preferred embodiment of the present invention.
  • the present invention when the authentication process occurs by performing the server authentications twice and the terminal authentication once, the mutual authentication between the transmission server and terminal is performed. That is, the present invention performs the mutual authentication through the server authentication and the terminal authentication, and the server authentication may consist of the first server authentication and the second authentication (FIG. 9A).
  • the first server authentication occurs by determining whether the (a) first server A-key generated in the transmission server and the (b) second server A-key generated in the terminal correspond with each other.
  • the second server authentication occurs by determining whether the (c) third server A-key generated in the transmission server and the (d) fourth server A-key generated in the terminal correspond with each other.
  • the second server authentication occurs by determining whether the (c) third server A-key generated in the transmission server and the (d) fourth server A-key generated in the
  • first terminal A-key generated in the terminal and the (f) second terminal A-key generated in the transmission server correspond with each other.
  • the aforementioned three authentications occur chronologically by the first server authentication, the terminal authentication, and the second server authentication.
  • the transmission server generates the first server A- key
  • at step 802 generates the first server authentication request including the first A-key.
  • the transmission server transmits the first server authentication request to the terminal.
  • the terminal On receiving the first server authentication request, at step 806 the terminal generates the second server A-key. And at step 808 the terminal performs the first server authentication by the use of the first server A-key included within the first server authentication request and the second server A-key generated in the terminal.
  • the terminal generates the first terminal A-key, and at step 814 generates the terminal authentication request including the first terminal A-key.
  • the terminal transmits the terminal authentication request to the server.
  • the server generates the second terminal A-key.
  • the server performs the terminal authentication by the use of the first terminal A-key included within the terminal authentication request and the second terminal A-key.
  • the server After completion of the terminal authentication, at step 822 the server generates the third A-key and transmits the second server authentication request including the third A-key to the terminal.
  • the terminal generates the fourth A-key and at step 828 performs the second server authentication by the use of the third server A-key included within the server authentication request and the fourth server A-key.
  • FIG. 8A is a flowchart showing the first server authentication process during data transmission from the server accordmg to another preferred embodiment of the present invention.
  • the first server authentication occurs by the method of determining correspondence between the first server A-key and the second server A-key.
  • the first server A-key may be generated from the first preliminary A-key
  • the second server A-key may be generated from the second preliminary A-key.
  • the function for generating the first server A-key and the second server A-key in the transmission server and the terminal is stored in advance.
  • the server random number and ESN may be used as inputs of the function.
  • the first server authentication process according to the present invention will be described.
  • the transmission server generates the server random number and at step 832 extracts ESN of the terminal so that the server will request the first server authentication from the database connected to the server.
  • the transmission server generates the first preliminary A-key by the use of the server random number and ESN.
  • the first preliminary A-key is 2n bits and in another preferred embodiment of present invention the first preliminary A-key is 64 bits.
  • the transmission server generates the first server A-key by extracting n bits from the first preliminary A-key.
  • the first server A-key is 32 bits.
  • the method for generating the first server A-key by the use of the first preliminary A-key may vary, and according to another preferred embodiment of the present invention the first server A-key may be generated by extracting n low bits from the first preliminary A-key.
  • the transmission server generates the first server authentication request including the first server A-key and the server random number, and at step 840 transmits the first server authentication request to the terminal.
  • the terminal extracts the server random number from the first server authentication request just received, and step 844 extracts ESN from the storage device connected to the terminal.
  • the terminal generates the second preliminary A-key by the use of the server random number and ESN, and at step 848 generates the second server A-key. Because steps 846 through 848 are identical with steps 834 through 836, a similar description will be omitted.
  • the terminal performs the first authentication for the transmission server by determining the correspondence between the second server A- key of step 848 and the first server A-key included within the first server authentication request.
  • FIG. 8C is a flowchart showing the terminal authentication process during data transmission from the server according to another preferred embodiment of the present invention.
  • the terminal A-key used for the terminal authentication can be generated by the use of the first preliminary A-key and the second preliminary A-key. That is, the terminal authentication process can be performed by the use of the first preliminary A- key and the second preliminary A-key in FIG. 8B, and according to another preferred embodiment of the present invention the first server A-key can be n bits that are extracted from the preliminary A-key of 2n bits, whereas the terminal A-key can be the remaining n bits.
  • the terminal authentication process will be described with FIG. 8C as follows.
  • the terminal generates the first terminal A-key by extracting n high bits from the second preliminary A-key of step 846 shown in FIG. 8B.
  • the terminal generates the terminal random number that may be used when the second preliminary A-key is generated.
  • the terminal generates the terminal authentication request including the terminal random number and the first terminal A- key, and transmits the terminal authentication request to the transmission server.
  • the transmission server extracts the first terminal A-key to form the terminal authentication request.
  • the transmission server generates the second terminal A-key by extracting n high bits from the first preliminary A-key of step 834 shown in FIG. 8B.
  • the transmission server performs the terminal authentication by determining the correspondence between the first terminal A-key and the second terminal A-key. Accordingly the terminal authentication process occurs via steps 860 through 874.
  • FIG. 8D is a flowchart showing the second server authentication process during data transmission from the server according to another preferred embodiment of the present invention.
  • a new preliminary A-key is generated.
  • the preliminary A-key generated in the transmission server will be indicated as 'the third preliminary A-key' and the preliminary A-key generated in the terminal will be indicated as 'the fourth preliminary A-key ' .
  • the second server authentication process will be described in conjunction with FIG. 8D as follows.
  • the transmission server extracts the terminal random number from the terminal authentication request of step 868 shown in FIG 8C.
  • the transmission server generates the third preliminary A-key by entering the terminal random number and ESN into the predetermined function.
  • the transmission server generates the third server A-key by extracting n high bits or n low bits from the third preliminary A-key.
  • the third server A-key may be n low bits.
  • the transmission server generates the second server authentication request, and at step 888 transmits the second server authentication request to the terminal.
  • the terminal Upon receiving the second server authentication request, at step 890 the terminal generates the fourth preliminary A-key.
  • the fourth preliminary A-key may be generated by entering the terminal random number of step 864 shown in FIG. 8A and the ESN into the predetermined A-key generating function.
  • the terminal generates the fourth server A-key by extracting n bits from the fourth preliminary A-key.
  • the terminal performs the second server authentication by determining the correspondence between the fourth server A-key and the third server A-key included within the second server authentication request of step 888.
  • the authentication requests (i.e., the first server authentication request, the terminal authentication request, and the second server authentication request) may include information about the data as well as authentication information about the A-key, the random number, and ESN. Accordingly, if the authentication is accomplished by the authentication request including information about the data, it is apparent that the data can be extracted after authentication.
  • the first server authentication request may include data location information.
  • the terminal authentication request may include the data request information corresponding to the data location information.
  • the second server authentication request may include the data, so when the second server authentication is completed, the data may be received automatically.
  • the diagram of the authentication request including information about the data will be described later in conjunction with FIGS. 11A-11D
  • FIG. 9A shows the types of the A-key according to the present invention.
  • the mutual authentication between the server and the terminal is performed through two server authentications and one terminal authentication.
  • the mutual authentication according to the present invention is performed through the server (the mutual authentication 900) and terminal (the mutual
  • the first server authentication 910 is performed by determining the
  • the second server authentication 920 is
  • the first preliminary A-key and the second preliminary A- key may be generated by entering the server random number and ESN into the predetermined function.
  • the server A-key and the terminal A-key may be generated by extracting low bits or high bits from the first preliminary A-key and the second preliminary A-key.
  • the extracted low bits may be used as the first server A-key and the second server A-key, while the extracted high bits may be used as the first terminal A-key and the second terminal A-key.
  • the third preliminary A-key and the fourth preliminary A- key may be generated by entering the server random number and the ESN into the predetermined function.
  • the server A-key and the terminal A-key may be generated by extracting low bits or high bits from the third preliminary A-key and the fourth preliminary A-key.
  • the extracted low bits may be used as the first server A-key and the second server A-key, whereas the high bits are discarded.
  • FIG. 9B is a block diagram of the first preliminary A-key and the second preliminary A-key according to another preferred embodiment of the present invention.
  • the first preliminary A-key and the second preliminary A-key are generated by entering the server random number and ESN into the predetermined function.
  • the server random number and ESN are the same, the first preliminary A-key and the second preliminary A-key are the same. Accordingly, the same reference numbers will be used in the first preliminary A-key and the second preliminary A-key, and the same reference numbers will be used in the first server A-key and the second server A-key. Also, the same reference numbers will be used in the first terminal A-key and the second terminal A-key.
  • the first preliminary A-key 950 is generated in the transmission server, and the second preliminary A-key 950 is generated in the terminal.
  • the first preliminary A-key 950 and the second preliminary A-key 950 are provided with 2n bits, but in another embodiment of the present invention, 2n bits may be 64 bits.
  • the first server A-key 957 and the second server A-key 957 may be 32 low bits extracted from the 64 bits. That is, the low bits extracted from the first preliminary A- key 950 is the first server A-key 957, and the low bits extracted from the second preliminary A-key 950 is the second server A-key 957.
  • the first server authentication occurs by comparing the first server A-key 957 with the second server A-key 957. In the same manner, the first terminal A-key and the second terminal A-key 953 T KR02/01991
  • the terminal authentication occurs by comparing the first terminal A-key 953 with the second terminal A-key 953.
  • FIG. 9C is a block diagram of the third preliminary A-key and the fourth preliminary A-key according to another preferred embodiment of the present invention.
  • the third preliminary A-key and the fourth preliminary A-key are generated by entering the server random number and ESN into the predetermined function, but when the server random number and ESN are the same, then the third preliminary A-key and the fourth preliminary A-key are the same. Accordingly, the same reference numbers will be used in the third preliminary A-key and the fourth preliminary A-key, and the same reference numbers will be used in the third server A-key and the fourth server A-key.
  • the third preliminary A-key 970 is generated in the transmission server, and the fourth preliminary A-key 970 is generated in the terminal. Similar as shown in FIG. 9B, the third preliminary A-key and the fourth preliminary A-key 970 are provided with 2n bits, but in another embodiment of the present invention, 2n bits may be 64 bits.
  • the third server A-key and the second server A-key 977 may be 32 low bits extracted from the 64 bits. That is, the low bits extracted from the third preliminary A- key 970 are the third server A-key 977, and the low bits extracted from the fourth preliminary A-key 970 are the fourth server A-key 977.
  • the second server authentication may occur by comparing the third server A-key 977 with the fourth server A-key 977. According to the present invention, the high bits of the third preliminary A-key and the fourth preliminary A-key 970 are actually reserved for future use; however, obviously an additional authentication process can occur via use of the reserved high bits.
  • FIG. 10 a flowchart showing the method for mutual authentication during the data transmission from the terminal according to another preferred embodiment of the present invention. Similar to mutual authentication when the transmission server transmits data to the terminal, mutual authentication can occur when the terminal transmits data to the transmission server.
  • a triple authentication process is possible during the data transmission from the terminal.
  • the terminal accesses a specific address designated by ISP when the terminal transmits data to the transmission server, security without the server authentication process can still be maintained.
  • the terminal can transmit data to the server only after completion of the terminal authentication process. That is, four preliminary A-keys (the first through fourth preliminary A-keys) are needed in the data transmission from the transmission server; however, the first preliminary A-key and the second preliminary A-key are needed in the data transmission from the terminal.
  • the authentication process occurs efficiently once during the data transmission from the terminal, it is also possible to perform the authentication process three times similar to the data transmission from the transmission server.
  • the terminal generates the random number and at step 1005 extracts ESN from the storage device connected to the terminal.
  • the terminal generates the first preliminary A-key by the use of the random number and ESN.
  • the terminal generates the first terminal A-key by extracting n bits from the first preliminary A-key. Because the way to extract the A-key of n bits from the preliminary A-key of 2n bits was already described in conjunction with FIG. 8A, a similar description will be omitted.
  • the terminal generates the terminal authentication request including the A-key, and at step 1030 transmits the request to the transmission server.
  • the transmission server extracts the random number included within the terminal authentication request.
  • the transmission server extracts ESN of the terminal from the database connected to the transmission server.
  • the transmission server generates the second preliminary A-key by using the received random number and the extracted ESN.
  • the transmission server generates the second terminal A-key by extracting n bits from the second preliminary key. Because the way to extract the A-key of n bits from the preliminary A-key of 2n bits was already described in conjunction with FIG. 8A, a similar description will be omitted here.
  • the transmission server performs the terminal authentication process by determining the correspondence between the first terminal A-key and the second terminal A-key. According to the present invention, by letting the terminal authentication request include the data, it is possible to automatically extract the data after completion of the authentication process. If the terminal authentication request includes the data, at step 1065 the transmission server extracts and stores the data included within the terminal authentication request, and at step 1070 may transmit the data receiving a confirmation message at the terminal.
  • the first preliminary A-key and the second preliminary A-key are generated by entering the terminal random number and ESN into the predetermined function, and the first preliminary A-key and the second preliminary A-key are the same.
  • the first preliminary A-key is generated in the terminal, and the second preliminary A-key is generated in the transmission server.
  • the first preliminary A-key and the second preliminary A-key according to the present invention are provided with 2n bits, but in another preferred embodiment of the present invention, 2n bits may be 64 bits.
  • the first terminal A-key and the second terminal A-key may be 32 low bits extracted from the 64 bits. That is, the low bits extracted from the first preliminary A- key are the first terminal A-key, and the low bits extracted from the second preliminary A-key are the second terminal A-key.
  • the terminal authentication may occur by comparing the first terminal A-key with the second terminal A-key.
  • the high bits of the first preliminary A-key and the second preliminary A-key are reserved for future use; however, it is apparent that an additional authentication process can occur by use of the reserved high bits.
  • the terminal/transmission server transmits the data after completion of the authentication, or transmits the authentication request including the data as shown in FIGS. 11A -11D.
  • the first server authentication request may include the data location information.
  • the terminal authentication request may include the data request information corresponding to the data location information.
  • the second server authentication request may include the data, so when the second server authentication is completed then the data may be received automatically. Because the signals are transmitted through the long-code scrambled traffic channel, its value is not recognized outside.
  • FIG. 11A shows the first server authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
  • the first server authentication request signal is comprised of the first server A-key 1100, the server random number 1103, and the data location information 1107.
  • the "data location information” indicates information about the location of the data to be transmitted from the terminal to the server. Since the first server A-key 1100 and the server random number 1103 were already described, the same description will be omitted. 1991
  • FIG. 11B shows the terminal authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
  • the terminal authentication request signal is comprised of the first terminal A-key 1110, the terminal random number 1113, and the data location information 1117.
  • the transmission server may extract the data by use of the data location information, and transmit the extracted data shown in FIG. 11C to the terminal. Since the terminal A-key 1110 and the terminal random number 1113 were already described, the same description will be omitted.
  • FIG. 11C shows the second server authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
  • the second server authentication request signal is comprised of the third server A-key 1120 and the data 1123.
  • the extracted data 1127 as shown in FIG. 11B may be transmitted by being included within the second server authentication request signal to the terminal. Since the third server A-key 1120 was already described, the same description will be omitted.
  • FIG. 11D shows the terminal authentication request signal during data transmission from the terminal according to another preferred embodiment of the present invention.
  • the terminal authentication request signal is comprised of the first terminal A-key 1130, the terminal random number 1133, and the data 1135.
  • the terminal may transmit the data by being included within the terminal authentication request signal. Since the first terminal A-key 1130 and the terminal random number were already described, the same description will be omitted.
  • FIG. 12A shows the process of generating the authentication information in CDMA network according to another preferred embodiment of the present invention
  • FIG. 12B shows the process of generating the authentication value in CDMA network according to still another preferred embodiment of the present invention.
  • the mobile terminal 100 or the mobile communication system 110 When the authentication information generating process in CDMA network according to the present invention is described in conjunction with FIG. 12A, the mobile terminal 100 or the mobile communication system 110 generates authentication information of 128 bits by use of the random number of 56 bits, ESN of 32 bits, the A- key of 64 bits, and the authentication information generating algorithm. Also the mobile terminal 100 or the mobile communication system 110 generates two variations of authentication information by dividing the generated authentication information of 128 bits into 64 high bits and 64 low bits.
  • the mobile terminal 100 or the mobile communication system 110 when the authentication value generating process in CDMA network according to the present invention is described in conjunction with FIG. 12B, the mobile terminal 100 or the mobile communication system 110 generates the authentication value (AUTHR) of 18 bits by use of the random number of 32 bits, ESN of 32 bits, the phone number of 24 bits (for example, seven digits of the receiver's phone number, seven digits of the caller's phone number), 64 high bits of the authentication information of 128 bits, and the authentication information generating algorithm.
  • the authentication value generating algorithm may be indicated by the CDMA standard such as IS-95, IS-2000, etc., and more particularly, "CAVE” (Cellular Authentication, Voice privacy and Encryption), "DES10” (Data Encryption Standard 10), etc.
  • the A-key and the authentication information are used in the authentication process in CDMA network.
  • the A-key is a particular secret key that is inputted additionally and exists only in the mobile communication system and the mobile terminal, but is also distinguished from the A- key indicating each mobile terminal or each subscriber.
  • this A-key is not used directly but rather after generating an SSD, the part of the SSD that may be used in the authentication process.
  • SSD can be divided into 64 high bits (SSD_A or pre-part of SSD) and 64 low bits (SSD_B or post-part of SSD), whereas the SSD A is used in the authentication process while the SSD_B is used for encryption.
  • SSD_A high bits
  • SSD_B low bits
  • the new SSD is generated to repeat the authentication process, but if error still occurs then the use of the mobile terminal can be restricted.
  • FIG. 13 is a flowchart showing the authentication process in the mobile communication system during the data transmission from the mobile terminal according to still another embodiment of the present invention.
  • the mobile communication system 110 transmits a random number to the mobile terminal.
  • the random number of step 1310 is a random number for authenticating voice and changes according to location or time.
  • the mobile terminal 100 at step 1320 If data are to be transmitted to a receiver's terminal (See step 1315), the mobile terminal 100 at step 1320 generates the first terminal authentication value(AUTHR(M)).
  • AUTHR(M) the random number of 32 bits, ESN of 32 bits, the phone number of 24 bits, 64 high bits of the authentication information of 128 bits, and the authentication value generating algorithm(for example, CAVE, etc,.) are used as previously described.
  • the mobile terminal 100 transmits the data receiving request to the mobile communication system through the network.
  • the data receiving request of step 1325 may include AUTHR(M) and the data to be transmitted.
  • the mobile communication system 110 generates the second terminal authentication value (AUTHR'(M)) by use of the random number of step 1310, and at step 1335 inspects whether or not the AUTHR(M) of step 1325 and AUTHR' (M) of step 1330 correspond with each other. According to the inspection shown in step 1335, if AUTHR(M) and AUTHR' (M) correspond with each other, then at step 1340 the mobile communication system 110 stores the data from the mobile terminal and transmits the data to the receiver's mobile terminal. At step 1345, the mobile communication system 110 transmits the data receiving confirmation message indicating the completion of data transmission to the mobile terminal 100 that had requested the data transmission.
  • FIG. 14 is a flowchart showing the authentication process in the mobile communication system during the data transmission from the mobile communication system according to still another embodiment of the present invention.
  • the mobile communication system 110 transmits the random number to the mobile terminal 100.
  • the random number of step 1410 serving as an access parameter is the random number for authenticating voice and changes according to location or time.
  • the mobile communication system 110 at step 1420 transmits the receiving alert message.
  • the receiving alert message may include the data location information(for example,
  • the mobile terminal 100 uses the random number of 32 bits, ESN of 32 bits, the phone number of 24 bits, 64 high bits of the authentication information of 128 bits, and the authentication value generating algorithm(for example, CAVE, etc,.) as described above.
  • the mobile terminal 100 generates the random number for server authentication(RAND_S), and at step 1435 transmits a transmission request for the data to the mobile communication through the network.
  • the transmission request may include AUTHR(M), RAND_S, etc,.
  • the mobile communication system
  • step 1445 inspects whether or not AUTHR(M) and AUTHR' (M) correspond with each other. If AUTHR(M) and AUTHR' (M) correspond with each other according to the result of step 1445, then at step 1450 the mobile communication system 110 generates the first server authentication value(AUTHR(S)) and at step 1455 transmits AUTHR(S) and the data to the mobile terminal 100 through the network.
  • the mobile terminal 100 At step 1460 the mobile terminal 100 generates the second server authentication value(AUTHR'(S)), and at step 1465 inspects whether or not AUTHR(S) and
  • step 1470 shows the data received from the mobile communication system 110 are stored at step 1455.
  • data may be securely transmitted by letting the mobile terminal and the server mutually authenticate the results of the value that is generated by the use of ESN of the mobile terminal and a random number.
  • it is possible to reduce the extensive amount of additional data for authentication by treating authentication information as additional fields of the data packet, and thus simplify the authentication process.
  • it is possible to actively restrict improper and illegal actions of third parties by encoding authentication information and performing a mutual authentication process between the mobile terminal and the mobile communication system.
  • a mobile communication system can be stably maintained by establishing a basic campaign for legitimate use of mobile service, (e.g., users in good faith need not pay any surcharge in relation to malicious use, in order to restrain and overcome it).
  • a plurality of A-keys by the use of one preliminary A-key can be generated according to the present invention.
  • a plurality of authentication processes corresponding to the plurality of A-keys can be performed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to system and method for performing mutual authentication between mobile terminal and server. Server and mobile terminal have particular information of the mobile terminal in common, and use predetermined authentication information generating algorithm which requests random number and particular information of the mobile terminal as input data. Each of server and mobile terminal challenges the other with random number, and determines authenticity of the other side by the response to the challenge. By the authentication process and using it mutually, the server and mobile terminal can be mutually authenticated and then data transmitted by the server or mobile terminal can be authenticated. Thereby, the transmission to unjust mobile terminal and the transmission from unjust server can be protected. And by including random number and authentication information within data transmission procedure, protection from unjust transmission can be achieved with minimum of information and a simple procedure.

Description

SYSTEM AND METHOD FOR PERFORMING MUTUAL AUTHENTICATION BETWEEN MOBILE TERMINAL AND SERVER
Field of the invention
The present invention relates to a mutual authentication method and a system between a mobile terminal and a server, and more particularly, a method and a system performing the mutual authentication in the mobile terminal and the server to transmit data securely.
Background of the invention
With the constant expansion by entrepreneurs into various fields of activity and the corresponding development of technology, in particular the extensive use of mobile communication service has increased rapidly. Furthermore, an authentication process has been a prelude to data transmission between the mobile communication system and the terminal generally.
For example, the mobile communication system contains an HLR (Home Location Register) for managing the entire information of the mobile terminal, a NLR (Visitor Location Register) for managing information of the mobile terminal coming into the service area, an MSC (Mobile Switching Center) for establishing and managing a voice path or a non-voice path with a connection to the HLR and NLR, and an AC (Authentication Center) for performing the authentication with the terminal.
However, the mobile communication service currently being used has some problems to authenticate proper subscribers, or in the proprietary checking process of the transmission server. In order to transmit data from the mobile communication system to the terminal, various methods such as an application of SMS or data PUSH service are used.
In the method for transmitting data by the use of a data service using IP protocol among these methods, the mutual authentication of the terminal and the transmission server is needed according to the separation of a conventional voice network and a data network.
When the mobile terminal is connected to the BTS through a traffic channel, voice data can be transmitted safely even via a wireless environment that is opened by the use of ESN, which is known to the terminal and the network, and a long code mask and long code scrambling. The Electronic Serial Number (ESN) indicates a peculiar code number assigned to each terminal by which the terminal manufacturer informs the mobile communication service provider every time completion of terminal production occurs, and scrambling is defined as disturbing a signal or a call in order not to be decoded when the signal or call is received by someone other than the proper receiver. More specifically, if a device exists to receive an image or data from the communication satellite, anyone can receive it; however, when the image or data is provided on a fee basis or confidential data of a company is transmitted, then reception of the data by only an individual who has a device to encode/decode the transmitted signal is required. In summary, the signal has to be encoded/disturbed, i.e., "scrambled". Regardless, when a subscriber uses the wireless data service, the long code scrambling by the traffic channel can protect only a PPP session in IWF (Inter- Working Function) or PSDN (Packet Data Service Node), so it is still difficult to restrict bad faith usage originating from unauthorized servers or terminals to the open environment of an IP network. Because IP address pools are assigned a MIN (Mobile Identification Number) or ESN, the non-regular IP addresses of an IP address pool are not regularly assigned a MIN (Mobile Identification Number) or ESN; that is, they are randomly assigned whenever there is a request for an IP address, so the relationship between an IP address and the MIN/ESN does not exist any more.
DISCLOSURE OF THE INVENTION
The object of the present invention is to provide a mutual authentication method and a system between a mobile terminal and a server, in which data are securely transmitted by allowing the mobile terminal and the server to mutually authenticate the result value that is generated by use of ESN of the mobile terminal and a random number.
Secondly, another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which can reduce the overall content of additional data for authentication by treating authentication information as additional fields of the data packet to simplify the authentication process.
Thirdly, another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which actively restrict bad faith improper conduct of a third party by encoding the authentication information and performing the mutual authentication process between the mobile terminal and the mobile communication system.
Fourthly, another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which maintain a stable mobile communication system by establishing a trend for equitable mobile service use, for example, by restricting and prohibiting the illegal use of the mobile service so that the normal customers need not pay a corresponding surcharge to make up the lost revenue.
Fifthly, another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which generate a plurality of authentication keys by the use of one preliminary authentication key.
Finally, another object of the present invention is to provide a mutual authentication method and a system between the mobile terminal and the server, which perform a plurality of authentication processes corresponding to the plurality of authentication keys.
To achieve aforementioned objects, according to the preferred embodiment of the present invention, there is provided method comprising the steps of receiving an input of a transmission request for data from the user; self -producing a random number in the mobile terminal according to a predetermined method; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; extracting a terminal authentication key included within a predetermined region of the authentication information produced; and transmitting the data, the random number, and the terminal authentication key to the data transmission server. According to another aspect of this invention, there are provided system and computer readable medium.
The particular information of the mobile terminal is one among a group consisting of an ESN(Electronic Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A- key(Authentication key) used in CDMA network for authentication, an SSD(Shared Secret Data), and a secret number registered by the user. The step of transmitting the data, the random number, and the terminal authentication key to the data transmission server is the step of transmitting the data, the random number, and the terminal authentication key to the data transmission server after converting them into a predetermined format. Also, according to the preferred embodiment of the present invention, there is provided method comprising the steps of receiving data, a random number, and a terminal authentication key from the mobile terminal; extracting particular information of the mobile terminal stored in advance; producing authentication information by a predetermined authentication information generation algorithm using the random number and the particular information of the mobile terminal as inputs; extracting a server authentication key included within a predetermined region of the produced authentication information; and performing an operation corresponding to the purpose of the data when the terminal authentication key coincides with the server authentication key. According to another aspect of this invention, there are provided system and computer readable medium.
Also, according to the preferred embodiment of the present invention, there is provided method comprising the steps of registering data to be transmitted to the mobile terminal; self-producing a random number accordmg to a predetermined method; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile P T/KR02/01991
terminal as inputs; extracting a first server authentication key included within a first region that is selected from at least one predetermined region of the authentication information; transmitting data transmission waiting data, the random number, and the first server authentication key to the mobile terminal; receiving a terminal authentication key included within a second region that is selected from at least one predetermined region and a transmission request for the registered data; extracting a second server authentication key included within a second region that is selected from at least one predetermined region of the authentication information; inspecting whether or not the terminal authentication key coincides with the second server authentication key; and transmitting the registered data to the mobile terminal through a network if the terminal authentication key coincides with the second server authentication key. According to another aspect of this invention, there are provided system and computer readable medium.
The step of transmitting the data transmission waiting data, the random number, and the first server authentication key to the mobile terminal is the step of transmitting the data transmission waiting data, the random number, and the first server authentication key to the mobile terminal after converting them into a predetermined format.
Also, according to the preferred embodiment of the present invention, there is provided method comprising the steps of receiving data transmission waiting data, a random number, and a server authentication key from the data transmission server; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; extracting a first terminal authentication key included within a first region that is selected from at least one predetermined region of the authentication information; inspecting whether or not the first terminal authentication key coincides with the server authentication key; extracting a second terminal authentication key included within a second region that is selected from at least one predetermined region of the authentication information if the first terminal authentication key coincides with the server authentication key; transmitting the second terminal authentication key and a transmission request for the data corresponding to the data transmission waiting data to the data transmission server through a network; and receiving the data from the data transmission server through the network. According to another aspect of this invention, there are provided system and computer readable medium. Also, according to the preferred embodiment of the present invention, there is provided method comprising the steps of receiving a first server authentication request comprising a server random number and a first server authentication key from the transmission server; producing a second server authentication key by the use of the server random number and particular information corresponding to the mobile terminal; authenticating firstly the transmission server by the use of the first server authentication key and the second server authentication key; producing a first terminal authentication key by the use of a terminal random number produced by the mobile terminal and the particular information corresponding to the mobile terminal; transmitting a terminal authentication request comprising the terminal random number and the first terminal authentication key to the transmission server; receiving a second server authentication request comprising a third server authentication key produced by the use of the terminal random number and the particular information from the transmission server; producing a fourth server authentication key by the use of the terminal random number and the particular information; and authenticating secondly the transmission server by the use of the third server authentication key and the fourth server authentication key. According to another aspect of this invention, there are provided system and computer readable medium.
Wherein the particular information is one selected from a group consisting of an ESN(Electronic Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A-key (Authentication key) used in CDMA network for authentication, a SSD(Shared Secret Data), and a secret number registered by the user.
Wherem the transmission server authenticates the mobile terminal by the use of the first terminal authentication key and a second terminal authentication key produced by the transmission server. The transmission server produces the first server authentication key by the steps of: producing the server random number; extracting the particular information from a database connected to the transmission server; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the second terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits. The second server authentication key is produced by the steps of: extracting the server random number from the first server authentication request; extracting the particular information stored in a storage of the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key accordmg to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the first terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
The transmission server produces the third server authentication key by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits. The fourth server authentication key is produced by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherem the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits. The first server authentication request further comprises data location information, the terminal authentication request further comprises data location information, and the second server authentication request further comprises data.
Also, according to the preferred embodiment of the present invention, there is provided method comprising the steps of producing a first server authentication key by the use of a server random number and particular information corresponding to the mobile terminal; producing a first server authentication request comprising the server random number and the first server authentication key; transmitting the first server authentication request to the mobile terminal; receiving a terminal authentication request from the mobile terminal; producing a second terminal authentication key by the use of the first server authentication key; authenticating the mobile terminal by the use of the first terminal authentication key and the second terminal authentication key; producing a third server authentication key by the use of the terminal random number and the particular information; transmitting a second server authentication request comprising the third server authentication key to the mobile terminal. Accordmg to another aspect of this invention, there are provided system and computer readable medium.
Wherein the particular information is one selected from a group consisting of an ESN(Electronic Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A-key(Authentication key) used in CDMA network for authentication, a SSD(Shared Secret Data), and a secret number registered by the user.
Wherein the mobile terminal authenticates the transmission server by the use of the first server authentication key included in the first server authentication request and a second server authentication key produced by the mobile terminal. Wherein the terminal authentication request comprises a terminal random number produced by the mobile terminal and a first terminal authentication key.
Wherein the mobile terminal secondly authenticates the transmission server by the use of the third server authentication key included in the second server authentication request and a fourth server authentication key produced by the mobile terminal. The first server authentication key is produced by the steps of: producing the server random number; extracting the particular information from a database connected to the transmission server; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the second terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits. The mobile terminal produces the second server authentication key by the steps of: extracting the server random number from the first server authentication request; extractmg the particular information stored in a storage of the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the first terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
The third server authentication key is produced by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits. The mobile terminal produces the fourth server authentication key by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extractmg n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits. The first server authentication request further comprises data location information, the terminal authentication request further comprises data location information, and the second server authentication request further comprises data.
Also, according to the preferred embodiment of the present invention, there is provided method comprising the steps of producing a random number; extracting particular information corresponding to the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the random number and the particular information; producing a first terminal authentication key by extracting n bits from the preliminary authentication key according to a predetermined method; and producing a second terminal authentication key by extracting n bits that are not included within the first terminal authentication key from the preliminary authentication key, wherein the two terminal authentication keys are produced from one preliminary authentication key. According to another aspect of this invention, there are provided system and computer readable medium.
Brief description of the drawings
FIG. 1 is a block diagram of the secure data transmission system between a data transmission server and the mobile terminal according to the preferred embodiment of the present invention.
FIG. 2 is a block diagram of the authentication center according to the preferred embodiment of the present invention.
FIG. 3 is a flowchart of the secure data transmission method when data is transmitted from the mobile terminal according to the preferred embodiment of the present invention.
FIG. 4A illustrates an authentication information generating algorithm according to the preferred embodiment of the present invention.
FIG. 4B illustrates the authentication information generation result according to the preferred embodiment of the present invention.
FIG. 5 is a flowchart of the secure data transmission method when data are transmitted from the mobile communication system according to the preferred embodiment of the present invention. FIG. 6 is a block diagram of the secure data transmission system according to another preferred embodiment of the present invention.
FIG. 7 is a flowchart showing the method for producing an authentication key according to another preferred embodiment of the present invention. FIG. 8A is a flowchart showing the entire method for mutual authentication when the transmission server transmits data to the terminal according to another preferred embodiment of the present invention.
FIG. 8B is a flowchart showing the first server authentication process during data transmission from the server according to another preferred embodiment of the present invention.
FIG. 8C is a flowchart showing the terminal authentication process during data transmission from the server according to another preferred embodiment of the present invention.
FIG. 8C is a flowchart showing the terminal authentication process during data transmission from the server according to another preferred embodiment of the present invention.
FIG. 9A shows several types of authentication keys according to the present invention.
FIG. 9B is a block diagram of the first preliminary authentication key and the second preliminary authentication key according to another preferred embodiment of the present invention.
FIG. 9C is a block diagram of the third preliminary authentication key and the fourth preliminary authentication key according to another preferred embodiment of the present invention. FIG. 10 a flowchart showing the method for mutual authentication during the data transmission from the terminal according to another preferred embodiment of the present invention.
FIG. 11A shows the first server authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
FIG. 11B shows the terminal authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
FIG. 11C shows the second server authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention.
FIG. 11D shows the terminal authentication request signal during data transmission from the terminal according to another preferred embodiment of the present invention. FIG. 12A shows the process of generating the authentication information in a CDMA network according to still another preferred embodiment of the present invention.
FIG. 12B shows the process of generating the authentication value in a CDMA network according to still another preferred embodiment of the present invention. FIG. 13 is a flowchart showing the authentication process in the mobile communication system during the data transmission from the mobile terminal according to still another embodiment of the present invention.
FIG. 14 is a flowchart showing the authentication process in the mobile communication system during the data transmission from the mobile communication system according to still another embodiment of the present invention.
<A list of the reference numbers identifying major parts shown in the drawings>
100: mobile terminal 110: mobile communication system
120: BTS
125: BSC
130: MSC
135: HLR 140: VLR 145: Authentication Center
150: communicating part
155: controlling part
160: random number generation part 165: converting part
170: comparing part
610: transmission server
913: first server authentication key
917: second server authentication key 923: third server authentication key
927: fourth server authentication key
933: first terminal authentication key
937: second terminal authentication key
Embodiments
Hereinafter the preferred embodiment of the present invention will be described with the accompanying drawings.
The terminal in accordance with the present invention may be a mobile terminal as well as a communication device such as a PDA (Personal Digital Assistant), which can perform data communication through a network. Furthermore, when any device 02 01991
other than the mobile terminal is used, the data transmission server can be any system besides a mobile communication system; however, the present invention will be described using the mobile terminal and the mobile communication system for convenience only of the description. FIG. 1 is a block diagram of the secure data transmission system between a data transmission server and the mobile terminal according to the preferred embodiment of the present invention, and FIG. 2 is a block diagram of the authentication center according to the preferred embodiment of the present invention.
Referring to FIG. 1, the data transmission system is provided with the mobile terminal 100 and the mobile communication system 110. The mobile communication system 110 is provided with a base transceiver station(BTS) 120, a base station controller(BSC) 125, a mobile switching center(MSC) 130, a home location register(HLR) 135, a visitor location register(VLR) 140, and an authentication center 145. Upon referring to FIG. 1, the secure data transmission system between the data transmission server and the mobile terminal according to the present invention will be briefly described.
When the mobile terminal 100 transmits the predetermined region regarding authentication information that is newly produced for data transmission and a random number that was used for producing the authentication information to BTS 120, the authentication request data (that is, the random number and part of the authentication information) that is received by the BSC 120 is transmitted to MSC 130 through BSC 125.
MSC 130 extracts information of the mobile terminal from VLR 140 and the subscriber information corresponding to the mobile terminal from HLR 135. Also the
MSC 130 transmits the extracted mobile terminal information (for example, ESN or
MIN) and subscriber information, and the authentication request data to the authentication center 145.
Referring to FIG. 2, the authentication center 145 is provided with a communicating part 145, a communicating part 150, a controlling part 155, a random number generation part 160, a converting part 165, and a comparing part 170.
The authentication center 145 may be provided with a plurality of separate devices, however, the authentication center 145 preferably is implemented in a form of computer program. Further, the authentication center 145 may be implemented in the same form in the mobile terminal 100.
When the communicating part 150 receives mobile terminal information and subscriber information and then the authentication request data from MSC 130, the converting part 165 that is under the control of the controlling part 155 produces authentication information by inputting the mobile terminal information and the random number into a predetermined authentication information generation function. The comparing part 170 compares the authentication information produced by the converting part 165 with the authentication information received from MSC 130 to verify their identity, and thus determine whether the mobile terminal 100 is valid or not.
After the comparison by the comparing part 170, the communication part 150 that is under the control of the controlling part 155 transmits the resulting process data to the mobile terminal 100 through the MSC 130 to terminate the authentication process.
To the contrary, when the mobile communication system 110 transmits data to the mobile terminal 100, similarly as performed by the mobile terminal 100, the converting part 165 may produce the authentication information for the random number generation part 160 to produce a random number.
As previously described according to the present invention, whether or not a mobile terminal or transmission server (that may be an element of the mobile terminal or an element of other ISP) is a valid mobile terminal or transmission server can be easily determined. Accordmg to the present invention, several types of invalid (that is, abnormal) server or terminal are described in the following examples. An invalid server can be defined as a server that transmits an advertisement as though it is a credible message (for example, information actually provided by ISP or other subscriber), a server that tries to transmit a virus causing havoc in network access information (for example, a preferred roaming list, a wireless Internet service server address, etc.) to the terminal, etc.
Additionally an invalid terminal can be defined as a mobile terminal that tries to illegally transfer the service charge to another subscriber, a mobile terminal that tries to steal another subscriber's message by theft of the related storage information, etc.
The secure data transmission method between a mobile communication system 110 and the mobile terminal 100 will be described in detail by referring to FIGS. 3-5.
FIG. 3 is a flowchart of the secure data transmission method when data is transmitted from the mobile terminal, FIG. 4A illustrates an authentication information generating algorithm, and FIG. 4B illustrates the authentication information generation result, all according to the preferred embodiment of the present invention.
Referring to FIG. 3, when data (for example, a message, a picture, etc.) is to be transmitted to the mobile communication system 110 or to another mobile terminal/server through the mobile communication system 110, at step 310 the mobile terminal 100 produces a random number(R) according to a predetermined method (for example, a random number generating method, etc.).
At step 315, the authentication information(S) is produced by the use of the authentication information generating function.
Hereinafter, the authentication information generating algorithm and the authentication information generation result will be briefly described by referring to FIGS. 4A and 4B.
Upon referring to the common authentication algorithm of a domestic PSC service provider, the PcsAuth algorithm as shown in FIG. 4A is shown. Additionally, other algorithms may be used as the authentication information generating algorithm. For convenience of this description, the PcsAuth algorithm in FIG. 4A will be used as an example for describing the present invention.
Referring to FIG. 4A, there are five input parameters and four output parameters of 32 bits; however, the ways to input ESN to iO, the arbitrary value to i3, 0 to il, i2, i4, SI to oO, S2 to ol respectively and discard o2 and o3 may be applicable to the present invention. When ESN of the mobile terminal 100 is 0x00000000, SI and S2 may be acquired according to each random number.
Also, in order to produce the authentication information, a common function that requires the random number(R) and ESN of the mobile terminal as inputs and also generates an output data of 64 bits may be implemented in the mobile terminal 100 and the mobile communication system 110.
In this situation, by dividing the authentication information(S) produced by the common function into two, 32 high bits serve as an authentication information pre- part(Sl) for server authentication information whereas 32 low bits serve as an authentication information ρost-part(S2) for terminal authentication information. Based on the aforementioned example, the description continues as follows. Referring to FIG. 3 again, at step 320 the mobile terminal 100 extracts the terminal authentication information post-part(S2) from the terminal authentication information(that is, information produced by the mobile terminal 100 at step 315), and at step 325 transmits the extracted terminal authentication information post-part(S2), the random number(R) of step 310, and data to be transmitted to the mobile communication system 110 through the network.
At step 330 the mobile communication system 110 receives the terminal authentication information post-part(S2), the random number(R), and the data to be transmitted. Further, at step 335 the mobile communication system 110 produces the server authentication informations ')(that is, the authentication information produced by the mobile communication system 110) by the use of the random number(R) of step 330.
At step 340 the mobile communication system 110 extracts the post-32 bits as the server authentication information post-part(S2') from the produced server authentication informations'), and at step 345 inspects to determine whether the terminal authentication information post-part(S2) of step 330 and the server authentication information post-part(S2') of step 340 correspond with each other. At this time, because each authentication information generating algorithm is identical, when ESN stored in the mobile terminal 100 and ESN stored in the mobile communication terminal 110 are identical, then identical authentication information will be produced.
According to the results of step 345, when the terminal authentication information post-part(S2) of step 330 and the server authentication information post- part(S2') of step 340 do not correspond with each other, at step 350 an error message(for example, "Access denied. Try again later", etc.) is transmitted to the mobile terminal 100 through the network.
At step 355 on receiving the error message, the mobile terminal 100 displays the error message on the screen connected to it and terminates the process.
Also, according to the result of step 345, when the terminal authentication information post-part(S2) of step 330 and the server authentication information post- part(S2') of step 340 correspond with each other, at step 360 the resulting message(for example, "Your Request Has Been Normally Performed", etc.) is transmitted to the mobile terminal 100 through network.
At step 365, on receiving the resulting message of the process, the mobile terminal 100 displays the resulting message on the screen connected to it and terminates the process.
Because the data or the message of the aforementioned process, which is transmitted between the transmission server and the mobile terminal, is transmitted through the long-code scrambled traffic channel, its value cannot be recognized from the outside. Also, because the mobile terminal accesses the transmission server by the use of the address designated by ISP of the mobile communication system, no additional authentication step by the transmission server is necessary.
FIG. 5 is a flowchart of the secure data transmission method when data is transmitted from the mobile communication system according to the preferred embodiment of the present invention. Referring to FIG 5, when data(for example, a message, a picture, etc.) is to be transmitted to the mobile terminal 110, at step 510 the mobile communication system 110 produces a random number according to the predetermined method(for example, a random number generating method, etc.). At step 515, the authentication information(S) is produced by the use of the authentication information generating function. Since the authentication information generating function has been already described above, no further detailed description will be added here.
At step 520, the mobile communication system 110 extracts the terminal authentication information pre-part(Sl) from the server authentication information(that is, information produced by the mobile communication system 110 at step 515), and at step 525 transmits the server authentication information pre-part(Sl), the random number(R) of step 510, and data transmission waiting data indicating that there is data waiting to be received by the mobile terminal 100 through the network At step 530 the mobile terminal 100 receives the server authentication information pre-part(Sl), the random number(R), and the data transmission waiting data. Also at step 535 the mobile terminal 100 produces the terminal authentication informations ')(that is, the authentication information produced by the mobile terminal 100) by the use of the random number(R) of step 530. At step 540 the mobile terminal 100 extracts the preceding 32 bits as the terminal authentication information pre-part(Sl') from the produced terminal authentication information(S'), and at step 545 inspects whether the server authentication information pre-part(Sl) of step 530 and the terminal authentication information pre-part(Sl') of step 540 correspond with each other. According to the results of step 545, when the server authentication information pre-part(Sl) of step 530 and the terminal authentication information pre-part(Sl') of step 540 do not correspond with each other, then at step 550 an error message(for example, "Access denied. Try again later", etc.) is transmitted to the mobile communication system 110 through the network. At step 555, on receiving the error message the mobile communication system
110 displays the error message on the screen connected to the transmission server(or authentication server) and terminates the process. However, if the connection to the proper mobile terminal is not established, then steps 550 and 555 may be omitted to terminate the follow-up steps immediately. Also, according to the results of step 545, when the server authentication information pre-part(Sl) and the terminal authentication information pre-part(Sl') correspond with each other, at step 560 the data transmission request and the terminal authentication information post-part(S2') are transmitted to the mobile communication system 110 through the network. At step 565, the mobile communication system 110 receives the data transmission request and the terminal authentication information post-part(S2'), and thereafter at step 570 extracts the server authentication information post-part(S2) from the server authentication information of step 515.
Also at step 575, the mobile communication system 110 inspects to determine whether the terminal authentication information post-part(S2') of step 555 and the server authentication information post-part(S2) of step 570 correspond with each other. According to the results of step 575, when the terminal authentication information post- part(S2') and the server authentication information post-part(S2) do not correspond with each other, at step 580 an error message(for example, "Access denied. Try again later", etc.) is transmitted to the mobile terminal 100 through the network. At step 585, on receiving the error message the mobile terminal 100 displays the error message on the screen connected to it and terminates the process.
Also, according to the result of step 575, when the terminal authentication information post-part(S2') and the server authentication information post-part(S2) correspond with each other, at step 590 the data/message waiting to be transmitted to the mobile terminal 100 is transmitted to the mobile terminal 100 through the network And at step 595, the mobile terminal 100 receives the data of step 590 and displays the results of the process (for example, "Data Receiving Complete", etc.) or the contents of data/message on the screen connected to it. Because the data or the message of the aforementioned process, which is transmitted between the transmission server and the mobile terminal, is transmitted through the long-code scrambled traffic channel, its value is not recognized outside. The secure data transmission system and method between the data transmission server and the mobile terminal according to the present invention may be applied to customized data service, etc. For example, if the subscriber registers information such as the current stock price of Korea Telecom as required by the subscriber via the mobile terminal 100 or the web server connected to the mobile communication system 110, the required information may be transmitted to the subscriber's mobile terminal 100 upon registering each time or at the present time. Since the information will not be disclosed to a third party per the present invention, confidential or personal information can be readily transmitted without limit.
FIG. 6 is a block diagram of the secure data transmission system according to another preferred embodiment of the present invention. Referring to FIG. 6, the mobile terminal 100 is connected to BTS 120, BSC 125, MSC 130, and the transmission server 610. The present invention relates to the authentication method and system for data transmission between the mobile terminal 100 and the transmission server 610. When the mobile terminal 100 transmits the authentication request according to the present invention to BTS 120, after receiving the authentication request the BTS 120 transmits the authentication request to the transmission server 610 through BSC 125. The transmission server 610 may authenticate the mobile terminal 100 by the use of the authentication key(hereinafter, "A-key") included within the authentication request. Also, when the transmission server 610 transmits the authentication request to the mobile terminal 100, the aforementioned steps will be performed in reverse direction. The mobile terminal 100 may authenticate the transmission server 610 by the use of the
A-key included within the authentication request.
According to the present invention, the authentication request can be divided into the server authentication request for authenticating the server and the terminal authentication request for authenticating the terminal (See FIG. 9A). The present invention can provide mutual authentication method in which the terminal authentication and the server authentication are performed in one authentication process.
The BTS 120 functions to connect the mobile terminal 100 to the transmission server 610 and furthermore may be provided with a communicating part, an antenna, a controller, a data terminal, and a power source. Secondly, the BSC 125 functions to control a plurality of BTS's connected to the BSC. Finally, the MSC 130 connects the mobile terminal 100 to the transmission server 610 corresponding to the authentication request received through BTS 120 and BSC 125.
For additional clarification, the term 'mobile terminal' in addition to the term
'terminal', and the term 'transmission server', which performs the authentication process and data transmission with the terminal, will be used along with the term
'server'. Also, the embodiment will now be described by using the random number and the terminal identifier as inputs to produce authentication information (or 'A-key').
FIG. 7 is a flowchart showing the method for producing A-key according to another preferred embodiment of the present invention. The transmission server and the terminal will produce the A-key according to the present invention respectively. That is, the terminal authenticates the A-key produced by the transmission server, and the transmission server authenticates the A-key produced by the terminal, so stability and the security of the authentication will be enhanced. Hereinafter the method for producing A-key according to the present invention will be described with reference to FIG 7. At step 700 the terminal or the transmission server produces a random number. The random number is a number of plural digits that are selected from the table of random numbers or a series of numbers, and may be produced by the random number generating part 160. Obviously the random number generating part 160 can be implemented with a computer program or hardware for generating a series of random numbers according to the specific conditions. At step 705 the terminal or the transmission server extracts the ESN.
In another preferred embodiment of the present invention, the ESN will be used as the mobile terminal identifier. That is, the method and system for mutual authentication between the mobile terminal and the server may use the random number and the mobile terminal identifier as inputs in order to generate the A-key, and the ESN may be used as the mobile terminal identifier.
The 'Mobile terminal identifier' is an identifier assigned to each mobile terminal uniquely, and the ESN may be used as the mobile terminal identifier. The 'ESN', which is different from a manufacturer's serial number, is a number uniquely assigned to each mobile terminal. The manufacturer can register the ESN with the mobile communication company in a country where the mobile terminal is being used. When the subscriber registers the mobile terminal with the mobile communication company or changes the mobile terminal, thereafter the registration or change of terminal is performed by the use of the registered ESN. Since the ESN is a unique number to each mobile terminal and difficult to duplicate, it is preferable to use ESN as the mobile terminal identifier.
The terminal can extract ESN stored in the storage device of the terminal, and the transmission server can extract ESN from the ESN administration server connected to the transmission server. At step 710 the transmission server or the terminal generates a preliminary A-key of 2n bits by the use of the random number and ESN according to the predetermined method.
[FORMULA 1]
PRELIMINARY KEY=f(random number, ESN)
Referring to Formula 1, the preliminary A-key can be acquired by entering the random number and ESN into the predetermined function. If the preliminary A-key of 2n can be generated by the use of the random number and ESN, any function will do. At step 715 the mobile terminal or the transmission server extracts n bits from the preliminary A-key of 2n bits, and at step 720 generates the A-key. According to the present invention, a plurality of A-keys can be generated from the preliminary A-key. And a plurality of authentication processes corresponding to the plurality of A-keys can be performed. Any method for extracting n bits from 2n bits will suffice. Furthermore, according another preferred embodiment of the present invention, it is possible to extract n low bits from 2n bits. Additionally, it is also possible to extract n high bits from 2n bits.
In the embodiment described above, although the method for generating A-key by extracting n high bits or n low bits occurs, it is apparent for those who are skilled in the art to extract n bits in various ways not limited to the embodiment. If two A-keys are generated from a preliminary A-key, after generating one A- key by extracting n bits from the preliminary A-key of 2n bits, then another A-key can be generated by the use of n bits that remain after being extracted from 2n bits.
The authentication according to the present invention can be performed a number of times, and according to another preferred embodiment of the present invention the authentication process can be performed three times. That is, the authentication process may comprise the first server authentication, the terminal authentication, and the second server authentication. Hereinafter, the entire authentication process will be shown in FIG. 8A, and the first server authentication will be shown in FIG. 8B. Also, the terminal authentication will be shown in FIG. 8C, and the second server authentication will be shown in FIG. 8D. Finally, the A-key generated for authenticating the terminal will be indicated as the terminal A-key, and the A-key generated for authenticating the transmission server will be indicated as the server A- key. FIG. 8A is a flowchart showing the entire method for mutual authentication when the transmission server transmits data to the terminal according to another preferred embodiment of the present invention.
According to another preferred embodiment of the present invention, when the authentication process occurs by performing the server authentications twice and the terminal authentication once, the mutual authentication between the transmission server and terminal is performed. That is, the present invention performs the mutual authentication through the server authentication and the terminal authentication, and the server authentication may consist of the first server authentication and the second authentication (FIG. 9A). Firstly, the first server authentication occurs by determining whether the (a) first server A-key generated in the transmission server and the (b) second server A-key generated in the terminal correspond with each other. Secondly, the second server authentication occurs by determining whether the (c) third server A-key generated in the transmission server and the (d) fourth server A-key generated in the terminal correspond with each other. Thirdly, the terminal authentication occurs by determining whether the
(e) first terminal A-key generated in the terminal and the (f) second terminal A-key generated in the transmission server correspond with each other. The aforementioned three authentications occur chronologically by the first server authentication, the terminal authentication, and the second server authentication.
The various authentications are shown in Table 1 as follows:
[TABLE 1]
Figure imgf000038_0001
As shown above, the authentications according to the present invention are performed three times.
Hereinafter, the authentication process according to the present invention will be shown with FIG. 8A. At step 800 the transmission server generates the first server A- key, and at step 802 generates the first server authentication request including the first A-key.
Furthermore, at step 804 the transmission server transmits the first server authentication request to the terminal. On receiving the first server authentication request, at step 806 the terminal generates the second server A-key. And at step 808 the terminal performs the first server authentication by the use of the first server A-key included within the first server authentication request and the second server A-key generated in the terminal.
At step 810 the terminal generates the first terminal A-key, and at step 814 generates the terminal authentication request including the first terminal A-key. At step 816 the terminal transmits the terminal authentication request to the server. At step 818 the server generates the second terminal A-key. At step 820 the server performs the terminal authentication by the use of the first terminal A-key included within the terminal authentication request and the second terminal A-key. After completion of the terminal authentication, at step 822 the server generates the third A-key and transmits the second server authentication request including the third A-key to the terminal. At step 826 the terminal generates the fourth A-key and at step 828 performs the second server authentication by the use of the third server A-key included within the server authentication request and the fourth server A-key.
Through the first server authentication, the terminal authentication, and finally the second server authentication, the mutual authentication according to the present invention occurs. After completion of the authentication, at step 830 the terminal transmits the authentication confirmation to the server, and at step 832 the server transmits data to the terminal. Security during the transmission of important data is always maintained according to the present invention. In FIG. 8A, even though the authentication process and the data transmission process are shown separately for a thorough understanding of the present invention, obviously the authentication request may include data. The authentication request method including data information will be described later in conjunction with FIGS. 11A -11D. FIG. 8B is a flowchart showing the first server authentication process during data transmission from the server accordmg to another preferred embodiment of the present invention. According to the present invention the first server authentication occurs by the method of determining correspondence between the first server A-key and the second server A-key. The first server A-key may be generated from the first preliminary A-key, and the second server A-key may be generated from the second preliminary A-key.
Preferably the function for generating the first server A-key and the second server A-key in the transmission server and the terminal is stored in advance. The server random number and ESN may be used as inputs of the function. With reference to FIG. 8B, the first server authentication process according to the present invention will be described. At step 830 the transmission server generates the server random number and at step 832 extracts ESN of the terminal so that the server will request the first server authentication from the database connected to the server. At step 834 the transmission server generates the first preliminary A-key by the use of the server random number and ESN. In the preferred embodiment of present invention, preferably the first preliminary A-key is 2n bits and in another preferred embodiment of present invention the first preliminary A-key is 64 bits. At step 836 the transmission server generates the first server A-key by extracting n bits from the first preliminary A-key. According to the present invention, the first server A-key is 32 bits. As shown in FIG. 7, the method for generating the first server A-key by the use of the first preliminary A-key may vary, and according to another preferred embodiment of the present invention the first server A-key may be generated by extracting n low bits from the first preliminary A-key.
At step 838 the transmission server generates the first server authentication request including the first server A-key and the server random number, and at step 840 transmits the first server authentication request to the terminal. At step 842 the terminal extracts the server random number from the first server authentication request just received, and step 844 extracts ESN from the storage device connected to the terminal. At step 846 the terminal generates the second preliminary A-key by the use of the server random number and ESN, and at step 848 generates the second server A-key. Because steps 846 through 848 are identical with steps 834 through 836, a similar description will be omitted. Finally, at step 850 the terminal performs the first authentication for the transmission server by determining the correspondence between the second server A- key of step 848 and the first server A-key included within the first server authentication request.
FIG. 8C is a flowchart showing the terminal authentication process during data transmission from the server according to another preferred embodiment of the present invention. The terminal A-key used for the terminal authentication can be generated by the use of the first preliminary A-key and the second preliminary A-key. That is, the terminal authentication process can be performed by the use of the first preliminary A- key and the second preliminary A-key in FIG. 8B, and according to another preferred embodiment of the present invention the first server A-key can be n bits that are extracted from the preliminary A-key of 2n bits, whereas the terminal A-key can be the remaining n bits. The terminal authentication process will be described with FIG. 8C as follows. At step 860 the terminal generates the first terminal A-key by extracting n high bits from the second preliminary A-key of step 846 shown in FIG. 8B. At step 864 the terminal generates the terminal random number that may be used when the second preliminary A-key is generated. At step 866 the terminal generates the terminal authentication request including the terminal random number and the first terminal A- key, and transmits the terminal authentication request to the transmission server. At step 870 the transmission server extracts the first terminal A-key to form the terminal authentication request. Then at step 872 the transmission server generates the second terminal A-key by extracting n high bits from the first preliminary A-key of step 834 shown in FIG. 8B. At step 874 the transmission server performs the terminal authentication by determining the correspondence between the first terminal A-key and the second terminal A-key. Accordingly the terminal authentication process occurs via steps 860 through 874.
FIG. 8D is a flowchart showing the second server authentication process during data transmission from the server according to another preferred embodiment of the present invention. In the second server authentication process, a new preliminary A-key is generated. In the second server authentication process, the preliminary A-key generated in the transmission server will be indicated as 'the third preliminary A-key' and the preliminary A-key generated in the terminal will be indicated as 'the fourth preliminary A-key ' . The second server authentication process will be described in conjunction with FIG. 8D as follows. At step 880 the transmission server extracts the terminal random number from the terminal authentication request of step 868 shown in FIG 8C. At step 882 the transmission server generates the third preliminary A-key by entering the terminal random number and ESN into the predetermined function. Then at step 884 the transmission server generates the third server A-key by extracting n high bits or n low bits from the third preliminary A-key. However, in another preferred embodiment of the present invention, the third server A-key may be n low bits.
At step 886 the transmission server generates the second server authentication request, and at step 888 transmits the second server authentication request to the terminal. Upon receiving the second server authentication request, at step 890 the terminal generates the fourth preliminary A-key. The fourth preliminary A-key may be generated by entering the terminal random number of step 864 shown in FIG. 8A and the ESN into the predetermined A-key generating function. At step 892 the terminal generates the fourth server A-key by extracting n bits from the fourth preliminary A-key.
Because the generating process of the fourth server A-key is identical with step 884, the same description will be omitted. At step 894 the terminal performs the second server authentication by determining the correspondence between the fourth server A-key and the third server A-key included within the second server authentication request of step 888. Through the authentication process as described above, the second server authentication may be accomplished. The authentication requests, (i.e., the first server authentication request, the terminal authentication request, and the second server authentication request) may include information about the data as well as authentication information about the A-key, the random number, and ESN. Accordingly, if the authentication is accomplished by the authentication request including information about the data, it is apparent that the data can be extracted after authentication.
In another preferred embodiment of the present invention, the first server authentication request may include data location information. Further, the terminal authentication request may include the data request information corresponding to the data location information. Finally, the second server authentication request may include the data, so when the second server authentication is completed, the data may be received automatically. The diagram of the authentication request including information about the data will be described later in conjunction with FIGS. 11A-11D
FIG. 9A shows the types of the A-key according to the present invention.
According to another preferred embodiment of the present invention, during the authentication process the mutual authentication between the server and the terminal is performed through two server authentications and one terminal authentication. Referring to FIG. 9A, the mutual authentication according to the present invention is performed through the server (the mutual authentication 900) and terminal (the mutual
authentication 930), and the server authentication 900 is provided with the first server
authentication 910 and the second server authentication 920.
The first server authentication 910 is performed by determining the
correspondence between the first server A-key 913 generated in the transmission server
and the second server A-key 917. Furthermore, the second server authentication 920 is
performed by determimng the correspondence between the third sever A-key 923
generated in the server and the fourth A-key 927 generated in the terminal. The terminal
authentication 930 is performed by determining the correspondence between the first
terminal A-key 933 generated in the terminal and the second terminal A-key 937
generated in the server. These authentications are performed chronologically from the
first server authentication 910, the terminal authentication 930, and lastly the second
server authentication 920.
Also, there may be up to six kinds of the A-keys according to the present
invention as described above. However, since six A-keys are generated via extracting
them from four preliminary A-keys, then four preliminary A-keys may be generated.
[TABLE 2]
Generation
Where the preliminary A-key is generated method
F(server Transmission server Mobile terminal
Figure imgf000047_0001
Referring to Table 2, the first preliminary A-key and the second preliminary A- key may be generated by entering the server random number and ESN into the predetermined function. The server A-key and the terminal A-key may be generated by extracting low bits or high bits from the first preliminary A-key and the second preliminary A-key. In another preferred embodiment of the present invention, the extracted low bits may be used as the first server A-key and the second server A-key, while the extracted high bits may be used as the first terminal A-key and the second terminal A-key.
In the same manner, the third preliminary A-key and the fourth preliminary A- key may be generated by entering the server random number and the ESN into the predetermined function. The server A-key and the terminal A-key may be generated by extracting low bits or high bits from the third preliminary A-key and the fourth preliminary A-key. In another preferred embodiment of the present invention, the extracted low bits may be used as the first server A-key and the second server A-key, whereas the high bits are discarded.
The relationship between the preliminary A-key and the terminal A-key/the server A-key will be described in conjunction with FIGS. 9B and 9C. FIG. 9B is a block diagram of the first preliminary A-key and the second preliminary A-key according to another preferred embodiment of the present invention. The first preliminary A-key and the second preliminary A-key are generated by entering the server random number and ESN into the predetermined function. When the server random number and ESN are the same, the first preliminary A-key and the second preliminary A-key are the same. Accordingly, the same reference numbers will be used in the first preliminary A-key and the second preliminary A-key, and the same reference numbers will be used in the first server A-key and the second server A-key. Also, the same reference numbers will be used in the first terminal A-key and the second terminal A-key.
The first preliminary A-key 950 is generated in the transmission server, and the second preliminary A-key 950 is generated in the terminal. The first preliminary A-key 950 and the second preliminary A-key 950 are provided with 2n bits, but in another embodiment of the present invention, 2n bits may be 64 bits. The first server A-key 957 and the second server A-key 957 may be 32 low bits extracted from the 64 bits. That is, the low bits extracted from the first preliminary A- key 950 is the first server A-key 957, and the low bits extracted from the second preliminary A-key 950 is the second server A-key 957. The first server authentication occurs by comparing the first server A-key 957 with the second server A-key 957. In the same manner, the first terminal A-key and the second terminal A-key 953 T KR02/01991
may be 32 high bits extracted from the 64 bits. That is, the high bits extracted from the first preliminary A-key 950 are the second terminal A-key 953, and the high bits extracted from the second preliminary A-key 950 are the first terminal A-key 953. The terminal authentication occurs by comparing the first terminal A-key 953 with the second terminal A-key 953.
FIG. 9C is a block diagram of the third preliminary A-key and the fourth preliminary A-key according to another preferred embodiment of the present invention. The third preliminary A-key and the fourth preliminary A-key are generated by entering the server random number and ESN into the predetermined function, but when the server random number and ESN are the same, then the third preliminary A-key and the fourth preliminary A-key are the same. Accordingly, the same reference numbers will be used in the third preliminary A-key and the fourth preliminary A-key, and the same reference numbers will be used in the third server A-key and the fourth server A-key. The third preliminary A-key 970 is generated in the transmission server, and the fourth preliminary A-key 970 is generated in the terminal. Similar as shown in FIG. 9B, the third preliminary A-key and the fourth preliminary A-key 970 are provided with 2n bits, but in another embodiment of the present invention, 2n bits may be 64 bits.
The third server A-key and the second server A-key 977 may be 32 low bits extracted from the 64 bits. That is, the low bits extracted from the third preliminary A- key 970 are the third server A-key 977, and the low bits extracted from the fourth preliminary A-key 970 are the fourth server A-key 977. The second server authentication may occur by comparing the third server A-key 977 with the fourth server A-key 977. According to the present invention, the high bits of the third preliminary A-key and the fourth preliminary A-key 970 are actually reserved for future use; however, obviously an additional authentication process can occur via use of the reserved high bits.
FIG. 10 a flowchart showing the method for mutual authentication during the data transmission from the terminal according to another preferred embodiment of the present invention. Similar to mutual authentication when the transmission server transmits data to the terminal, mutual authentication can occur when the terminal transmits data to the transmission server.
According to the present invention and similar to the triple authentication process during the data transmission from the transmission server, a triple authentication process is possible during the data transmission from the terminal. However, because the terminal accesses a specific address designated by ISP when the terminal transmits data to the transmission server, security without the server authentication process can still be maintained. Accordingly, when the terminal transmits data to the server, the terminal can transmit data to the server only after completion of the terminal authentication process. That is, four preliminary A-keys (the first through fourth preliminary A-keys) are needed in the data transmission from the transmission server; however, the first preliminary A-key and the second preliminary A-key are needed in the data transmission from the terminal. As described above, although the authentication process occurs efficiently once during the data transmission from the terminal, it is also possible to perform the authentication process three times similar to the data transmission from the transmission server.
The authentication process during the data transmission from the terminal will be described in conjunction with FIG. 10. At step 1000 the terminal generates the random number and at step 1005 extracts ESN from the storage device connected to the terminal. At step 1010 the terminal generates the first preliminary A-key by the use of the random number and ESN. Then at step 1020 the terminal generates the first terminal A-key by extracting n bits from the first preliminary A-key. Because the way to extract the A-key of n bits from the preliminary A-key of 2n bits was already described in conjunction with FIG. 8A, a similar description will be omitted.
At step 1025 the terminal generates the terminal authentication request including the A-key, and at step 1030 transmits the request to the transmission server. Next, at step 1035 the transmission server extracts the random number included within the terminal authentication request. At step 1040 the transmission server extracts ESN of the terminal from the database connected to the transmission server. Then at step 1045 the transmission server generates the second preliminary A-key by using the received random number and the extracted ESN. At step 1050 the transmission server generates the second terminal A-key by extracting n bits from the second preliminary key. Because the way to extract the A-key of n bits from the preliminary A-key of 2n bits was already described in conjunction with FIG. 8A, a similar description will be omitted here.
At step 1060 the transmission server performs the terminal authentication process by determining the correspondence between the first terminal A-key and the second terminal A-key. According to the present invention, by letting the terminal authentication request include the data, it is possible to automatically extract the data after completion of the authentication process. If the terminal authentication request includes the data, at step 1065 the transmission server extracts and stores the data included within the terminal authentication request, and at step 1070 may transmit the data receiving a confirmation message at the terminal.
Various A-keys are shown in Table 3 below.
[TABLE 3]
Figure imgf000052_0001
The first preliminary A-key and the second preliminary A-key are generated by entering the terminal random number and ESN into the predetermined function, and the first preliminary A-key and the second preliminary A-key are the same. The first preliminary A-key is generated in the terminal, and the second preliminary A-key is generated in the transmission server. The first preliminary A-key and the second preliminary A-key according to the present invention are provided with 2n bits, but in another preferred embodiment of the present invention, 2n bits may be 64 bits.
The first terminal A-key and the second terminal A-key may be 32 low bits extracted from the 64 bits. That is, the low bits extracted from the first preliminary A- key are the first terminal A-key, and the low bits extracted from the second preliminary A-key are the second terminal A-key.
The terminal authentication may occur by comparing the first terminal A-key with the second terminal A-key. According to the present invention, the high bits of the first preliminary A-key and the second preliminary A-key are reserved for future use; however, it is apparent that an additional authentication process can occur by use of the reserved high bits.
Data formats of signals used for data transmission between the transmission server and the terminal accordmg to another preferred embodiment of the present invention will be described in conjunction with FIGS. 11A-11D. As described above, T KR02/01991
the terminal/transmission server transmits the data after completion of the authentication, or transmits the authentication request including the data as shown in FIGS. 11A -11D.
According to the present invention, the first server authentication request may include the data location information. Further, the terminal authentication request may include the data request information corresponding to the data location information. Also the second server authentication request may include the data, so when the second server authentication is completed then the data may be received automatically. Because the signals are transmitted through the long-code scrambled traffic channel, its value is not recognized outside.
The authentication request signal including information about the data will be described in more detail. FIG. 11A shows the first server authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention. Referring to FIG. 11 A, the first server authentication request signal is comprised of the first server A-key 1100, the server random number 1103, and the data location information 1107. The "data location information" indicates information about the location of the data to be transmitted from the terminal to the server. Since the first server A-key 1100 and the server random number 1103 were already described, the same description will be omitted. 1991
FIG. 11B shows the terminal authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention. Referring to FIG. 11B, the terminal authentication request signal is comprised of the first terminal A-key 1110, the terminal random number 1113, and the data location information 1117. The transmission server may extract the data by use of the data location information, and transmit the extracted data shown in FIG. 11C to the terminal. Since the terminal A-key 1110 and the terminal random number 1113 were already described, the same description will be omitted.
FIG. 11C shows the second server authentication request signal during data transmission from the transmission server according to another preferred embodiment of the present invention. Referring to FIG. 11C, the second server authentication request signal is comprised of the third server A-key 1120 and the data 1123. The extracted data 1127 as shown in FIG. 11B may be transmitted by being included within the second server authentication request signal to the terminal. Since the third server A-key 1120 was already described, the same description will be omitted.
FIG. 11D shows the terminal authentication request signal during data transmission from the terminal according to another preferred embodiment of the present invention. Referring to FIG. 11D, the terminal authentication request signal is comprised of the first terminal A-key 1130, the terminal random number 1133, and the data 1135. The terminal may transmit the data by being included within the terminal authentication request signal. Since the first terminal A-key 1130 and the terminal random number were already described, the same description will be omitted.
Secure data transmission through the mutual authentication between the mobile terminal and the server has been described previously. From this point the present invention being utilized in a CDMA network will be described with the accompanying drawings, but any redundant description will be omitted.
FIG. 12A shows the process of generating the authentication information in CDMA network according to another preferred embodiment of the present invention, and FIG. 12B shows the process of generating the authentication value in CDMA network according to still another preferred embodiment of the present invention.
When the authentication information generating process in CDMA network according to the present invention is described in conjunction with FIG. 12A, the mobile terminal 100 or the mobile communication system 110 generates authentication information of 128 bits by use of the random number of 56 bits, ESN of 32 bits, the A- key of 64 bits, and the authentication information generating algorithm. Also the mobile terminal 100 or the mobile communication system 110 generates two variations of authentication information by dividing the generated authentication information of 128 bits into 64 high bits and 64 low bits.
Also, when the authentication value generating process in CDMA network according to the present invention is described in conjunction with FIG. 12B, the mobile terminal 100 or the mobile communication system 110 generates the authentication value (AUTHR) of 18 bits by use of the random number of 32 bits, ESN of 32 bits, the phone number of 24 bits (for example, seven digits of the receiver's phone number, seven digits of the caller's phone number), 64 high bits of the authentication information of 128 bits, and the authentication information generating algorithm. Also the authentication value generating algorithm may be indicated by the CDMA standard such as IS-95, IS-2000, etc., and more particularly, "CAVE" (Cellular Authentication, Voice privacy and Encryption), "DES10" (Data Encryption Standard 10), etc.
The A-key and the authentication information (hereinafter, "Shared Secret Data" or "SSD") are used in the authentication process in CDMA network. The A-key is a particular secret key that is inputted additionally and exists only in the mobile communication system and the mobile terminal, but is also distinguished from the A- key indicating each mobile terminal or each subscriber.
In the authentication process in CDMA network, this A-key is not used directly but rather after generating an SSD, the part of the SSD that may be used in the authentication process. SSD can be divided into 64 high bits (SSD_A or pre-part of SSD) and 64 low bits (SSD_B or post-part of SSD), whereas the SSD A is used in the authentication process while the SSD_B is used for encryption. Also, when an authentication error occurs during the authentication process using an SSD, then the new SSD is generated to repeat the authentication process, but if error still occurs then the use of the mobile terminal can be restricted.
FIG. 13 is a flowchart showing the authentication process in the mobile communication system during the data transmission from the mobile terminal according to still another embodiment of the present invention. Referring to FIG. 13, at step 1310 the mobile communication system 110 transmits a random number to the mobile terminal. The random number of step 1310 is a random number for authenticating voice and changes according to location or time.
If data are to be transmitted to a receiver's terminal (See step 1315), the mobile terminal 100 at step 1320 generates the first terminal authentication value(AUTHR(M)). During the generation of AUTHR(M), the random number of 32 bits, ESN of 32 bits, the phone number of 24 bits, 64 high bits of the authentication information of 128 bits, and the authentication value generating algorithm(for example, CAVE, etc,.) are used as previously described.
At step 1325, the mobile terminal 100 transmits the data receiving request to the mobile communication system through the network. The data receiving request of step 1325 may include AUTHR(M) and the data to be transmitted. At step 1330 the mobile communication system 110 generates the second terminal authentication value (AUTHR'(M)) by use of the random number of step 1310, and at step 1335 inspects whether or not the AUTHR(M) of step 1325 and AUTHR' (M) of step 1330 correspond with each other. According to the inspection shown in step 1335, if AUTHR(M) and AUTHR' (M) correspond with each other, then at step 1340 the mobile communication system 110 stores the data from the mobile terminal and transmits the data to the receiver's mobile terminal. At step 1345, the mobile communication system 110 transmits the data receiving confirmation message indicating the completion of data transmission to the mobile terminal 100 that had requested the data transmission.
FIG. 14 is a flowchart showing the authentication process in the mobile communication system during the data transmission from the mobile communication system according to still another embodiment of the present invention. Referring to FIG 14, at step 1410 the mobile communication system 110 transmits the random number to the mobile terminal 100. The random number of step 1410 serving as an access parameter is the random number for authenticating voice and changes according to location or time.
If data are to be transmitted to the mobile terminal 100(See step 1415), the mobile communication system 110 at step 1420 transmits the receiving alert message. The receiving alert message may include the data location information(for example,
URL, etc,.) indicating where the mobile terminal can receive the data from. At step 1425 the mobile terminal 100 generates the first terminal authentication value(AUTHR(M)). Accordingly, the mobile terminal 100 uses the random number of 32 bits, ESN of 32 bits, the phone number of 24 bits, 64 high bits of the authentication information of 128 bits, and the authentication value generating algorithm(for example, CAVE, etc,.) as described above.
At step 1430 the mobile terminal 100 generates the random number for server authentication(RAND_S), and at step 1435 transmits a transmission request for the data to the mobile communication through the network. The transmission request may include AUTHR(M), RAND_S, etc,. At step 1440 the mobile communication system
110 generates the second terminal authentication value(AUTHR'(M)), and at step 1445 inspects whether or not AUTHR(M) and AUTHR' (M) correspond with each other. If AUTHR(M) and AUTHR' (M) correspond with each other according to the result of step 1445, then at step 1450 the mobile communication system 110 generates the first server authentication value(AUTHR(S)) and at step 1455 transmits AUTHR(S) and the data to the mobile terminal 100 through the network.
At step 1460 the mobile terminal 100 generates the second server authentication value(AUTHR'(S)), and at step 1465 inspects whether or not AUTHR(S) and
AUTHR'(S) correspond with each other. If AUTHR(S) and AUTHR'(S) correspond with each other according to the result of step 1465, step 1470 shows the data received from the mobile communication system 110 are stored at step 1455.
Although the present invention has been described with respect to the preferred embodiment, the spirit and scope of the present invention will only be determined based the following claims. Also, it will be apparent for those skilled in the art that they may modify or amend the aforementioned embodiment within the spirit and scope of the present invention.
Industrial Applicability
According to the mutual authentication method and system between a mobile terminal and a server of the present invention, data may be securely transmitted by letting the mobile terminal and the server mutually authenticate the results of the value that is generated by the use of ESN of the mobile terminal and a random number. Secondly, it is possible to reduce the extensive amount of additional data for authentication by treating authentication information as additional fields of the data packet, and thus simplify the authentication process. Thirdly, it is possible to actively restrict improper and illegal actions of third parties by encoding authentication information and performing a mutual authentication process between the mobile terminal and the mobile communication system. Fourthly, a mobile communication system can be stably maintained by establishing a basic campaign for legitimate use of mobile service, (e.g., users in good faith need not pay any surcharge in relation to malicious use, in order to restrain and overcome it).
Furthermore, a plurality of A-keys by the use of one preliminary A-key can be generated according to the present invention. Finally, a plurality of authentication processes corresponding to the plurality of A-keys can be performed.

Claims

1. A method for securely transmitting data from a mobile terminal to a data transmission server, said method comprising the steps of: receiving an input of a transmission request for data from the user; self-producing a random number in the mobile terminal according to a predetermined method; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; extracting a terminal authentication key included within a predetermined region of the authentication information produced; and transmitting the data, the random number, and the terminal authentication key to the data transmission server.
2. The method as stated in claiml, wherein the particular information of the mobile terminal is one among a group consisting of an ESN(Electronic Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A-key(Authentication key) used in CDMA network for authentication, an SSD(Shared Secret Data), and a secret number registered by the user.
3. The method as stated in claiml, wherein the step of transmitting the data, the random number, and the terminal authentication key to the data transmission server is the step of transmitting the data, the random number, and the terminal authentication key to the data transmission server after converting them into a predetermined format.
4. A computer-readable medium including a program containing computer-executable instructions for performing the method for securely transmitting data using a mobile terminal to a data transmission server, wherein the program performs the method as stated in claim 1.
5. A method in a data transmission server for processing data received from a mobile terminal, said method comprising the steps of: receiving data, a random number, and a terminal authentication key from the mobile terminal; extracting particular information of the mobile terminal stored in advance; producing authentication information by a predetermined authentication information generation algorithm using the random number and the particular information of the mobile terminal as inputs; extracting a server authentication key included within a predetermined region of the produced authentication information; and performing an operation corresponding to the purpose of the data when the terminal authentication key coincides with the server authentication key.
6. A computer-readable medium including a program containing computer-executable instructions for performing the data processing method in a data transmission server, wherein the program performs the method as stated in claim 5.
7. A method for securely transmitting data from a data transmission server to at least one mobile terminal, said method comprising the steps of: registering data to be transmitted to the mobile terminal; self-producing a random number according to a predetermined method; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; extracting a first server authentication key included within a first region that is selected from at least one predetermined region of the authentication information; transmitting data transmission waiting data, the random number, and the first server authentication key to the mobile terminal; receiving a terminal authentication key included within a second region that is selected from at least one predetermined region and a transmission request for the 1991
registered data; extracting a second server authentication key included within a second region that is selected from at least one predetermined region of the authentication information; inspecting whether or not the terminal authentication key coincides with the second server authentication key; and transmitting the registered data to the mobile terminal through a network if the terminal authentication key coincides with the second server authentication key.
8. The method as stated in claim 7, wherein the step of transmitting the data transmission waiting data, the random number, and the first server authentication key to the mobile terminal is the step of transmitting the data transmission waiting data, the random number, and the first server authentication key to the mobile terminal after converting them into a predetermined format.
9. A computer-readable medium including a program containing computer-executable instructions for performing the method for securely transmitting data in a data transmission server to at least one mobile terminal, wherein the program performs the method as stated in claim 7.
10. A method in a mobile terminal for securely receiving data from a data transmission server, said method comprising the steps of: receiving data transmission waiting data, a random number, and a server authentication key from the data transmission server; producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; extracting a first terminal authentication key included within a first region that is selected from at least one predetermined region of the authentication information; inspecting whether or not the first terminal authentication key coincides with the server authentication key; extracting a second terminal authentication key included within a second region that is selected from at least one predetermined region of the authentication information if the first terminal authentication key coincides with the server authentication key; transmitting the second terminal authentication key and a transmission request for the data corresponding to the data transmission waiting data to the data transmission server through a network; and receiving the data from the data transmission server through the network.
11. A computer-readable medium including a program containing computer-executable instructions for performing the method in a mobile terminal for securely receiving data from a data transmission server, wherein the program performs the method as stated in claim 10.
12. A system for securely transmitting data from a mobile terminal to a data transmission server, said system comprising: means for receiving an input of a transmission request for data from the user; means for self -producing a random number in the mobile terminal according to a predetermined method; means for producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; means for extracting a terminal authentication key included within a predetermined region of the produced authentication information; and means for transmitting the data, the random number, and the terminal authentication key to the data transmission server.
13. A system in a data transmission server for processing data received from a mobile terminal, said system comprising: means for receiving data, a random number, and a terminal authentication key from the mobile terminal; means for extracting particular information of the mobile terminal stored in advance; means for producing authentication information by a predetermined authentication information generation algorithm using the random number and the particular information of the mobile terminal as inputs; means for extracting a server authentication key included within a predetermined region of the produced authentication information; and means for performing an operation corresponding to the purpose of the data when the terminal authentication key coincides with the server authentication key.
14. A system for securely transmitting data from a data transmission server to at least one mobile terminal, said system comprising the steps of: means for registering data to be transmitted to the mobile terminal; means for self-producing a random number according to a predetermined method; means for producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; means for extracting a first server authentication key included within a first region and a second server authentication key included within a second region, wherein the first region and the second region are selected from at least one predetermined region of the authentication information; means for receiving a terminal authentication key included within the second region that is selected from at least one predetermined region and a transmission request for the registered data; means for inspecting whether or not the terminal authentication key coincides with the second server authentication key; and means for transmitting data transmission waiting data, the random number, and the first server authentication key to the mobile terminal, and the registered data to the mobile terminal through a network if the terminal authentication key coincides with the second server authentication key.
15. A system in a mobile terminal for securely receiving data from a data transmission server, said system comprising: means for receiving data transmission waiting data, a random number, and a server authentication key from the data transmission server, and the data from the data transmission server through the network; means for producing authentication information by a predetermined authentication information generation algorithm using the random number and particular information of the mobile terminal as inputs; means for extracting a first terminal authentication key included within a first region that is selected from at least one predetermined region of the authentication information, and a second terminal authentication key included within a second region that is selected from at least one predetermined region of the authentication information if the first terminal authentication key coincides with the server authentication key; means for inspecting whether or not the first terminal authentication key coincides with the server authentication key; and means for transmitting the second terminal authentication key and a transmission request for the data corresponding to the data transmission waiting data to the data transmission server through a network.
16. A method in a mobile terminal for performing a mutual authentication between the mobile terminal and a transmission server, said method comprising the steps of: receiving a first server authentication request comprising a server random number and a first server authentication key from the transmission server; producing a second server authentication key by the use of the server random number and particular information corresponding to the mobile terminal, wherein the particular information is one selected from a group consisting of an ESN(Electronic
Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A-key(Authentication key) used in CDMA network for authentication, a SSD(Shared Secret Data), and a secret number registered by the user; authenticating firstly the transmission server by the use of the first server authentication key and the second server authentication key; producing a first terminal authentication key by the use of a terminal random number produced by the mobile terminal and the particular information corresponding to the mobile terminal; transmitting a terminal authentication request comprising the terminal random number and the first terminal authentication key to the transmission server, wherein the transmission server authenticates the mobile terminal by the use of the first terminal authentication key and a second terminal authentication key produced by the transmission server; receiving a second server authentication request comprising a third server authentication key produced by the use of the terminal random number and the particular information from the transmission server; producing a fourth server authentication key by the use of the terminal random number and the particular information; and authenticating secondly the transmission server by the use of the third server authentication key and the fourth server authentication key.
17. The method as stated in claim 16, wherein the transmission server produces the first server authentication key by the steps of: producing the server random number; extracting the particular information from a database connected to the transmission server; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the second terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
18. The method as stated in claim 16, wherein the second server authentication key is produced by the steps of: extracting the server random number from the first server authentication request; extracting the particular information stored in a storage of the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the first terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
19. The method as stated in claim 16, wherein the transmission server produces the third server authentication key by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits.
20. The method as stated in claim 16, wherein the fourth server authentication key is produced by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extractmg n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits.
21. The method as stated in claim 16, wherein the first server authentication request further comprises data location information.
22. The method as stated in claim 16, wherein the terminal authentication request further comprises data location information.
23. The method as stated in claim 16, wherein the second server authentication request further comprises data.
24. A method in a transmission server for performing a mutual authentication between a mobile terminal and the transmission server, said method comprising the steps of: producing a first server authentication key by the use of a server random number and particular information corresponding to the mobile termmal, wherein the particular information is one selected from a group consisting of an ESN(Electronic Serial Number), a MIN(Mobile Identification Number), a personal number stored in NAM(Number Assignment Module), an A-key(Authentication key) used in CDMA network for authentication, a SSD(Shared Secret Data), and a secret number registered by the user; producing a first server authentication request comprising the server random number and the first server authentication key; transmitting the first server authentication request to the mobile terminal, wherein the mobile terminal authenticates the transmission server by the use of the first server authentication key included in the first server authentication request and a second server authentication key produced by the mobile terminal; receiving a terminal authentication request from the mobile terminal, wherein the terminal authentication request comprises a terminal random number produced by the mobile terminal and a first terminal authentication key; producing a second terminal authentication key by the use of the first server authentication key ; authenticating the mobile terminal by the use of the first terminal authentication key and the second terminal authentication key; producing a third server authentication key by the use of the terminal random number and the particular information; transmitting a second server authentication request comprising the third server T KR02/01991
authentication key to the mobile terminal, wherein the mobile terminal secondly authenticates the transmission server by the use of the third server authentication key included in the second server authentication request and a fourth server authentication key produced by the mobile terminal.
25. The method as stated in claim 24, wherein the first server authentication key is produced by the steps of: producing the server random number; extracting the particular information from a database connected to the transmission server; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the second terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
26. The method as stated in claim 24, wherein the mobile terminal produces the second 1991
server authentication key by the steps of: extracting the server random number from the first server authentication request; extracting the particular information stored in a storage of the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the server random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits, and wherein the first terminal authentication key consists of the remaining n bits of the preliminary bits other than the extracted n bits.
27. The method as stated in claim 24, wherem the third server authentication key is produced by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are P T/KR02/01991
extracted from the preliminary authentication key of 2n bits.
28. The method as stated in claim 24, wherein the mobile terminal produces the fourth server authentication key by the steps of: producing a preliminary authentication key of 2n bits by the use of the terminal random number and the particular information; and extracting n bits from the preliminary authentication key according to a predetermined method, wherein the extracted n bits are either n low bits or n high bits, but both are extracted from the preliminary authentication key of 2n bits.
29. The method as stated in claim 24, wherein the first server authentication request further comprises data location information.
30. The method as stated in claim 24, wherein the terminal authentication request further comprises data location information.
31. The method as stated in claim 24, wherein the second server authentication request further comprises data.
32. A method for producing a mobile terminal authentication key in a mobile terminal, said method comprising the steps of: producing a random number; extracting particular information corresponding to the mobile terminal; producing a preliminary authentication key of 2n bits by the use of the random number and the particular information; producing a first terminal authentication key by extracting n bits from the preliminary authentication key according to a predetermined method; and producing a second terminal authentication key by extracting n bits that are not included within the first terminal authentication key from the preliminary authentication key, wherein the two terminal authentication keys are produced from one preliminary authentication key.
PCT/KR2002/001991 2001-10-26 2002-10-25 System and method for performing mutual authentication between mobile terminal and server WO2003036867A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR2001/66359 2001-10-26
KR10-2001-0066359A KR100462044B1 (en) 2001-10-26 2001-10-26 Secure data transfer service system and method between a data transfer server and a user terminal
KR2002/28432 2002-05-22
KR10-2002-0028432A KR100449572B1 (en) 2002-05-22 2002-05-22 Method and system for performing mutual authenticating between mobile terminal and server

Publications (2)

Publication Number Publication Date
WO2003036867A1 true WO2003036867A1 (en) 2003-05-01
WO2003036867B1 WO2003036867B1 (en) 2004-04-08

Family

ID=26639430

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2002/001991 WO2003036867A1 (en) 2001-10-26 2002-10-25 System and method for performing mutual authentication between mobile terminal and server

Country Status (2)

Country Link
CN (1) CN100361436C (en)
WO (1) WO2003036867A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004102884A1 (en) * 2003-05-16 2004-11-25 Huawei Technologies Co., Ltd. A method for performing authentication in a wireless lan
WO2007101966A1 (en) * 2006-03-07 2007-09-13 France Telecom Authenticating a computer device at user level
US7400692B2 (en) 2004-01-14 2008-07-15 Interdigital Technology Corporation Telescoping window based equalization
US7437135B2 (en) 2003-10-30 2008-10-14 Interdigital Technology Corporation Joint channel equalizer interference canceller advanced receiver
CN1549482B (en) * 2003-05-16 2010-04-07 华为技术有限公司 A Method for Realizing High-Rate Packet Data Service Authentication
CN105373733A (en) * 2014-08-20 2016-03-02 中国石油天然气股份有限公司 Method and device for preventing geological research data from divulging
CN105933350A (en) * 2016-07-01 2016-09-07 浪潮(北京)电子信息产业有限公司 Security enhancement method and device for serial port protocol
CN106034028A (en) * 2015-03-17 2016-10-19 阿里巴巴集团控股有限公司 A terminal device authentication method, device and system
EP2368339B1 (en) 2008-12-03 2017-08-09 Entersekt International Limited Secure transaction authentication
CN111586340A (en) * 2020-05-08 2020-08-25 青岛海信医疗设备股份有限公司 Image data loading and providing method and device

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7628322B2 (en) * 2005-03-07 2009-12-08 Nokia Corporation Methods, system and mobile device capable of enabling credit card personalization using a wireless network
KR100742362B1 (en) * 2005-10-04 2007-07-25 엘지전자 주식회사 Method and apparatus for securely transmitting and receiving content in mobile communication network
CN101309436B (en) 2008-07-02 2012-04-18 三一重工股份有限公司 Wireless communication equipment matching authentication method, device and system
US20120291106A1 (en) * 2010-01-19 2012-11-15 Nec Corporation Confidential information leakage prevention system, confidential information leakage prevention method, and confidential information leakage prevention program
JP2014053675A (en) * 2012-09-05 2014-03-20 Sony Corp Security chip, program, information processing device, and information processing system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR960011734A (en) * 1994-09-10 1996-04-20 양승택 Automatic password generation and determination method
US5661806A (en) * 1994-03-29 1997-08-26 France Telecom Process of combined authentication of a telecommunication terminal and of a user module

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS60112176A (en) * 1983-10-31 1985-06-18 アタラ・コーポレーシヨン Pocket terminal and guaranteed banking business transaction method and system
JP2786092B2 (en) * 1993-10-18 1998-08-13 日本電気株式会社 Mobile communication terminal authentication method
US5513245A (en) * 1994-08-29 1996-04-30 Sony Corporation Automatic generation of private authentication key for wireless communication systems
FR2790177B1 (en) * 1999-02-22 2001-05-18 Gemplus Card Int AUTHENTICATION IN A RADIOTELEPHONY NETWORK

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5661806A (en) * 1994-03-29 1997-08-26 France Telecom Process of combined authentication of a telecommunication terminal and of a user module
KR960011734A (en) * 1994-09-10 1996-04-20 양승택 Automatic password generation and determination method

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004102884A1 (en) * 2003-05-16 2004-11-25 Huawei Technologies Co., Ltd. A method for performing authentication in a wireless lan
CN1549482B (en) * 2003-05-16 2010-04-07 华为技术有限公司 A Method for Realizing High-Rate Packet Data Service Authentication
US7437135B2 (en) 2003-10-30 2008-10-14 Interdigital Technology Corporation Joint channel equalizer interference canceller advanced receiver
US7400692B2 (en) 2004-01-14 2008-07-15 Interdigital Technology Corporation Telescoping window based equalization
WO2007101966A1 (en) * 2006-03-07 2007-09-13 France Telecom Authenticating a computer device at user level
FR2898448A1 (en) * 2006-03-07 2007-09-14 France Telecom AUTHENTICATION OF A COMPUTER DEVICE AT THE USER LEVEL
EP2368339B1 (en) 2008-12-03 2017-08-09 Entersekt International Limited Secure transaction authentication
EP2368339B2 (en) 2008-12-03 2022-10-05 Entersekt International Limited Secure transaction authentication
CN105373733A (en) * 2014-08-20 2016-03-02 中国石油天然气股份有限公司 Method and device for preventing geological research data from divulging
CN106034028A (en) * 2015-03-17 2016-10-19 阿里巴巴集团控股有限公司 A terminal device authentication method, device and system
CN106034028B (en) * 2015-03-17 2019-06-28 阿里巴巴集团控股有限公司 A terminal equipment authentication method, device and system
CN105933350A (en) * 2016-07-01 2016-09-07 浪潮(北京)电子信息产业有限公司 Security enhancement method and device for serial port protocol
CN111586340A (en) * 2020-05-08 2020-08-25 青岛海信医疗设备股份有限公司 Image data loading and providing method and device

Also Published As

Publication number Publication date
WO2003036867B1 (en) 2004-04-08
CN100361436C (en) 2008-01-09
CN1575563A (en) 2005-02-02

Similar Documents

Publication Publication Date Title
US7735126B2 (en) Certificate based authentication authorization accounting scheme for loose coupling interworking
JP4615892B2 (en) Performing authentication within a communication system
EP1430640B1 (en) A method for authenticating a user in a terminal, an authentication system, a terminal, and an authorization device
US7574599B1 (en) Robust authentication and key agreement protocol for next-generation wireless networks
US6427073B1 (en) Preventing misuse of a copied subscriber identity in a mobile communication system
US7444513B2 (en) Authentication in data communication
US20040162998A1 (en) Service authentication in a communication system
US9088565B2 (en) Use of a public key key pair in the terminal for authentication and authorization of the telecommunication user with the network operator and business partners
US5799084A (en) System and method for authenticating cellular telephonic communication
KR20010112618A (en) An improved method for an authentication of a user subscription identity module
HK1080246A1 (en) Method and system for challenge-response user authentication
JPH07115413A (en) Mobile communication terminal authentication system
WO2003036867A1 (en) System and method for performing mutual authentication between mobile terminal and server
EP1157582B1 (en) Authentication method for cellular communications systems
EP1992185A2 (en) Fast re-authentication method in umts
EP1680940B1 (en) Method of user authentication
AU732083B2 (en) Method and apparatus for providing authentication security in a wireless communication system
US20020169958A1 (en) Authentication in data communication
Patel Weaknesses of North American wireless authentication protocol
EP1311136A1 (en) Authentication in telecommunications networks
KR100545512B1 (en) Reuse Intrusion Prevention System and Method in Wireless Communication
US7570764B2 (en) Sequence number calculation and authentication in a communications system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
B Later publication of amended claims

Effective date: 20030417

WWE Wipo information: entry into national phase

Ref document number: 20028212797

Country of ref document: CN

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP