Method and apparatus for privacy and authentication in wireless networks

Abstract

A method and apparatus is disclosed for providing a secure wireless communication link between a mobile nomadic device and a base computing unit. A mobile sends a host certificate (Cert-Mobile) to the base along with a randomly chosen challenge value (CH1) and a list of supported shared key algorithms ("SKCS"). The base determines if the Cert-Mobile is valid. If the Cert-Mobile is not valid, then the base unit rejects the connection attempt. The base then sends a Cert-Base, random number (RN1) encrypted in mobile's public key and an identifier for the chosen SKCS to the mobile. The base saves the RN1 value and adds the CH1 value and the chosen SKCS to messages sent to the base. The mobile unit then validates the Cert-Base, and if the certificate is valid, the mobile verifies under the public key of the base (Pub-Base) the signature on the message. The signature is verified by taking the base message and appending it to CH1 and the list of shared key algorithms that the mobile provided in the first message. If the base signature is not valid, then the communication attempt is aborted. In the event that the base signature is valid, the mobile determines the value of RN1 by decrypting Pub-Mobile, RN1 under the private key of the mobile. The mobile then generates RN2 and the session key, and encrypts RN2 under the Pub-Base. The mobile sends the encrypted RN2 and E(Pub-Mobile, RN1) to the base. The base then verifies the mobile signature using the Pub-Mobile obtained from the Cert-Mobile. If the mobile signature is verified, the base decrypts E(Pub-Base, RN2) using its private key. The base then determines the session key. The mobile and base may then enter a data transfer phase using encrypted data which is decrypted using the session key which is RN1 (+)RN2.

Description

BACKGROUND OF THE INVENTION1. Field of the InventionThe present invention relates to methods and apparatus for providing privacy and authentication in a wireless network. More particularly, the present invention provides a system using both public key and shared key encryption techniques for communications between wireless mobile devices and a base station.2. Art BackgroundThe advent of portable personal computers and workstations has expanded the concept of networks to include mobile devices. These mobile devices may be moved between global networks as well as within local networks. For example, a user of a portable notebook computing device may physically carry his computer from Palo Alto, California to Bangkok, Thailand. If the computer must interact and communicate with other computers coupled to a network, issues of network security naturally arise. In particular, if the user's computer communicates over a wireless link, for example with a local base station or through a direct...

AI Technical Summary

Problems solved by technology

Unfortunately, since a wireless medium has no physical protection, introducing a wireless network negates any inherent protection which a physical network provides.

Two other alternatives, end-to-end security at the application layer and end-to-end sec...

Images