-
Publication No.: AU2008307670A1
Publication date: 2009-04-09
Application No.: AU2008307670
Application date: 2008-09-24
Applicant: LUCENT TECHNOLOGIES INC
Inventor: MORGAN TODD CARTWRIGHT , PATEL SARVAR , THOMPSON ROBIN JEFFREY
IPC: H04W12/06
Abstract: The present invention provides a method involving a femtocell in communication with a secure core network such as an Internet Protocol Multimedia Subsystem (IMS) network. The method includes receiving, from the femtocell and at a first secure entity in the IMS network, a global challenge including information indicating a random number. The method also includes receiving an authentication response computed by a mobile unit based on the random number and the first key known by the mobile unit and not known by the femtocell. The method further includes determining, at the first secure entity, that the random number is a legitimate random number provided to the femtocell by the IMS network.
-
Publication No.: DE69934288T2
Publication date: 2007-06-21
Application No.: DE69934288
Application date: 1999-10-12
Applicant: LUCENT TECHNOLOGIES INC
Inventor: PATEL SARVAR , RAMZAN ZULFIKAR AMIN
Abstract: An efficient hashing technique uses w + w/2 operations to hash a string "w" words long rather than the w operations of the prior art. This efficiency is achieved by squaring the sum of the key and the string to be hashed rather than forming a product of the key and the string to be hashed.
-
Publication No.: DE69929574T2
Publication date: 2006-08-10
Application No.: DE69929574
Application date: 1999-07-20
Applicant: LUCENT TECHNOLOGIES INC
Inventor: PATEL SARVAR
Abstract: In the method for securing over-the-air communication in a wireless system, a mobile sends a system access request and dummy data associated with the system access request to a network. The network sends a first data stream including a first data portion to the mobile in response to the system access request and the dummy data. The mobile extracts the first data portion from the first bit stream, and sends a second bit stream to the network. The second bit stream includes a second data portion. The mobile and the network both generate a key based on the first data portion and the second data portion, and establish a first encrypted and authenticated communication channel in cooperation using the key. The mobile then transfers authorizing information to the network over the first encrypted and authenticated communication channel. If accepted, a second encrypted and authenticated communication channel is established. The network then sends sensitive information such as the root or A-key to the mobile over the second encrypted and authenticated communication channel.
-
Publication No.: DE69929574D1
Publication date: 2006-04-13
Application No.: DE69929574
Application date: 1999-07-20
Applicant: LUCENT TECHNOLOGIES INC
Inventor: PATEL SARVAR
Abstract: In the method for securing over-the-air communication in a wireless system, a mobile sends a system access request and dummy data associated with the system access request to a network. The network sends a first data stream including a first data portion to the mobile in response to the system access request and the dummy data. The mobile extracts the first data portion from the first bit stream, and sends a second bit stream to the network. The second bit stream includes a second data portion. The mobile and the network both generate a key based on the first data portion and the second data portion, and establish a first encrypted and authenticated communication channel in cooperation using the key. The mobile then transfers authorizing information to the network over the first encrypted and authenticated communication channel. If accepted, a second encrypted and authenticated communication channel is established. The network then sends sensitive information such as the root or A-key to the mobile over the second encrypted and authenticated communication channel.
-
Publication No.: CA2335172C
Publication date: 2005-04-12
Application No.: CA2335172
Application date: 2001-02-09
Applicant: LUCENT TECHNOLOGIES INC
Inventor: MACKENZIE PHILIP DOUGLAS , PATEL SARVAR , GROSSE ERIC , BOYKO VICTOR VLADIMIR
Abstract: Secure communication protocols are disclosed in which two parties generate a shared secret which may be used as a secure session key for communication between the parties. The protocols are based on Diffie-Hellman type key exchange in which a Diffie-Hellman value is combined with a function of at least a password using the group operation such that the Diffie-Hellman value may be extracted by the other party using the inverse group operation and knowledge of the password. In one embodiment, each of the parties explicitly authenticates the other party, while in another embodiment, the parties utilize implicit authentication relying on the generation of an appropriate secret session key to provide the implicit authentication. Typically, the parties will be a client computer and a server computer. In accordance with other embodiments of the invention, in order to protect against a security compromise at the server, the server is not in possession of the password, but instead is provided with, and stores, a so-called password verifier which is a function of the password and where the password itself cannot be determined from the value of the password verifier.
-
Publication No.: DE69914999T2
Publication date: 2004-12-23
Application No.: DE69914999
Application date: 1999-07-20
Applicant: LUCENT TECHNOLOGIES INC
Inventor: PATEL SARVAR
Abstract: According to the two party authentication method, a first party generates and transfers a random number to a second party as a first challenge. The second party increments a count value in response to the first challenge, generates a first challenge response by performing a keyed cryptographic function (KCF) on the first challenge and the count value using a first key, and transfers the count value, as a second challenge, and the first challenge response to the first party. The first party verifies the second party based on the first challenge, the second challenge and the first challenge response. The first party also generates a second challenge response by performing the KCF on the second challenge using the first key, and transfers the second challenge response to the second party. The second party verifies the first party based on the second challenge and the second challenge response. For instance, the first and second parties can be a network and mobile, respectively, in a wireless system. Also, based on the first and second challenges, both the first and second parties may generate another key.
-
Publication No.: TR200402260T4
Publication date: 2004-12-21
Application No.: TR200402260
Application date: 2001-11-19
Applicant: LUCENT TECHNOLOGIES INC
Inventor: PATEL SARVAR
Abstract: A message authentication system for generating a message authentication code (MAC) uses a single iteration of a keyed compression function when a message fits within an input block of the compression function, thereby improving efficiency. For messages that are larger than a block, the MAC system uses nested hash functions. The MAC system and method can use portions of the message as inputs to the nested hash functions. For example, the message authentication system can split the message into a first portion and a second portion. A hash function is performed using the first portion of the message as an input to achieve an intermediate result, and a keyed hash function is performed using a second portion of the message and the intermediate result as inputs. Thus, less of the message needs to be processed by the inner hash function, thereby improving efficiency, especially for smaller messages.
-
Publication No.: ES2220679T3
Publication date: 2004-12-16
Application No.: ES01309740
Application date: 2001-11-19
Applicant: LUCENT TECHNOLOGIES INC
Inventor: PATEL SARVAR
Abstract: A method of processing a message for authentication using a compression function (90) and a nested hash function that includes an inner hash function (100) and an outer hash function (102), whereby said inner hash function (100) produces a result for said outer hash function (102), said method being characterized by: performing a single iteration of said compression function (90) using a key (K) and said message (X) as inputs if said message (X) fits within an input block of said compression function (90); and, if said message is larger than said input block of said compression function (90), providing said message (X) and a key to said nested hash function to process said message (X).
-
Publication No.: DE69806886T2
Publication date: 2003-03-27
Application No.: DE69806886
Application date: 1998-10-19
Applicant: LUCENT TECHNOLOGIES INC
Inventor: PATEL SARVAR
Abstract: The present invention strengthens authentication protocols by making it more difficult for handset impersonators to gain system access using replay attacks. This goal is accomplished using challenge codes as a parameter for determining authentication codes, whereby different challenge codes cause different authentication codes to be generated. In one embodiment, the challenge codes are functions of challenge types (e.g., global or unique challenges) and/or handset states (e.g., call origination, page response, registration, idle, and SSD-A update). This embodiment prevents handset impersonators from successfully utilizing replay attacks to impersonate a legitimate handset if the legitimate handset is in a different state than the handset impersonator, or if the legitimate handset is responding to a different challenge type than the handset impersonator.
-
Publication No.: BR9903783A
Publication date: 2000-09-05
Application No.: BR9903783
Application date: 1999-08-19
Applicant: LUCENT TECHNOLOGIES INC
Inventor: PATEL SARVAR
Abstract: In the method for protecting mobile anonymity, the network sends a temporary mobile identifier (TID) update request to the mobile along with a challenge. In response, the mobile encrypts its permanent ID through public key encryption using the public key of the network, and sends the encryption result to the network. Also, the mobile generates a second challenge, and a first challenge response. The first challenge response is generated by performing a keyed cryptographic function (KCF) on the first and second challenges using a key. The mobile sends the second challenge and the first challenge response to the network with the encrypted permanent ID. After decrypting the permanent ID, the network accesses the key associated with the mobile using the permanent ID. Next, using the key, the network authenticates the mobile using the second challenge and the first challenge response. If authenticated, the network calculates a TID for the mobile using the first and second challenges. The network further generates and sends a second challenge response to the mobile. If the mobile authenticates the network based on the second challenge response, then the mobile calculates the TID in the same manner as did the network.