In recent years, the use of cellular phones for both personal and business related communication has become more popular. The obvious appeal of wireless service is the portability of the telephone, with users no longer confined to a particular space or address. However, this portability also poses a dilemma for the cellular telephone system provider, which must determine the identity of the individual making or authorizing the call for billing purposes and decide if the individual is a subscriber i.e., determine whether the individual is entitled to make the call at all.
One common way to "authenticate" callers, i.e., verify that they are who they claim to be, is set forth in FIG. 3. Each subscriber is provided with a unique, secret "key," which is also maintained in a database record kept by the cellular service provider, i.e., at the cellular service provider station. When a user wishes to make a call from a cellular terminal, i.e., when the user's phone goes off the hook, then in Step 202, the cellular-service provider transmits a signal representing a random number to the terminal. In Step 203, the terminal encrypts the random number with the user's unique key and a predetermined algorithm. Then in Step 204, the encrypted result is transmitted back to the cellular-service provider. There, the same random number is encrypted, again with the user's unique key and the same predetermined algorithm. In Step 206 this encrypted result independently calculated by the cellular service provider is compared with that transmitted from the cellular terminal. If the comparison is a match, the caller is "authenticated" and the call is allowed to proceed. Otherwise, authentication fails, and the user is refused access to the cellular network.
Unfortunately, the above described authentication procedure is not entirely satisfactory. It involves extensive calculation at both the user's terminal and the cellular service provider, as well as a number of transmissions between the two. Since a call is not allowed to proceed until the entire authentication is completed, call processing may be significantly delayed.
In addition, it is relatively simple to scan or monitor cellular phone transactions such as the above-described authentication procedure. Therefore, an unauthorized individual can easily obtain the random number and encrypted response transmitted between the terminal and the cellular service provider. In addition, the predetermined algorithm used in encryption will often be well known in the art, e.g., CAVE algorithm. Thus, the only unknown for the unauthorized individual intending to circumvent the authentication security procedure via scanning is the user's unique key, which unfortunately may be decoded once the random number, encrypted result and ciphering algorithm are known. In fact, unauthorized cellular phone use is not unusual, and has significantly increased the industry's cost of doing business.
Therefore, what is needed is an improved authentication procedure which does not unduly delay call processing and at the same time renders unauthorized cellular use less likely.