A. Field of the Invention
The present invention relates generally to wireless communications, and more particularly to over the air service provisioning techniques and methods for the activation of wireless communication devices.
B. Description of the Related Art
After purchasing a wireless communication device, such as a cellular telephone, the user must have the device activated or provisioned for use. Several systems have been used or have been proposed to establish the provisioning of these devices. Generally, these systems use cryptographic authentication, confidentiality and/or identification.
Any commercial application that contains some form of cryptographic authentication, confidentiality and/or identification requires an efficient, cost effective and secure key generation and distribution capability. The requirements of the cellular phone system, however, are much more constraining than most applications because the cellular phones have very minimal computational capabilities and the authenticated setup protocol is generally performed without the user and carrier ever meeting face-to-face. Moreover, cellular phone companies desire that the key distribution and generation mechanism be as convenient and transparent to the user as possible.
The user/carrier key management infrastructure for the authentication based wireless system is based on a key hierarchy generated from a user""s unique authentication key (A-key).
The A-key is, for example, a 64-bit value used to generate a user""s temporary authentication keys as well as privacy keys for data, voice and messaging. There are currently several proposed and implemented approaches for A-key generation and distribution.
In one approach, the A-key is generated by the service provider using either manual entry by the customer or electronic distribution at the point of sale. This approach requires an unacceptable level of participation from an untrusted sales agent. It also requires training of sales agents, which is costly for stores, and extra time for each purchase, which can be used better for selling. Moreover, for electronic distribution, standard interfaces for all phones are needed or different equipment is required for each phone and/or manufacturer. Customers could manually enter the keys, but this method is considered unacceptable to the cellular industry because it leads to difficult key distribution mechanisms, which many customers may find as unacceptable.
Another approach is Over-the-Air Service Provisioning (OTASP), which is a process in which a wireless network can activate a subscriber rapidly without the need for an activation agent. This approach uses collaborative key generation and dissemination by the wireless communication device and the service provider, or carrier, after purchase. It does not require the manufacturer to perform a unique operation for each phone. It also eliminates the need for sales agents to program phones for customers at the point of its sale. The ultimate goal of OTASP is to enable a potential customer to purchase a wireless communication device in a store and almost instantly become activated without the hassle of waiting or dealing with an activation agent. In order to activate the customer, the carrier must input a unique A-key into the subscriber""s wireless communication device in an unobtrusive, but secure manner.
Public-Key technologies such as RSA and Diffie-Hellman Key Exchange have been considered to provide secure A-key distribution in cellular networks. Although these Public-Key technologies have advantages, there are significant disadvantages to cellular telephone manufacturers, cellular switch manufacturers, cellular carriers, and most importantly cellular subscribers which affect the security, performance, and efficiency of the cellular network.
One such problem with these Public-Key technologies is the susceptibility to a man-in-the-middle (MIM) attack. Both Diffie-Hellman key exchange and RSA are susceptible to an MIM attack. The attack is possible using existing commercial technology and could be implemented relatively inexpensively. Diffie-Hellman key exchange enables rapid determination of an MIM attack while allowing a denial of service attack on a new subscriber, which may be unacceptable to service providers.
In both RSA and Diffie-Hellman key exchange, the encrypted A-Key is transmitted and created over the air interface between the service provider and the new subscriber. Because the A-key is being transmitted over the air, it may be susceptible to cryptoanalysis. Both RSA and Diffie-Hellnan key exchange also require exponentiation, which is computational intensive for an 8 or 16-bit microcontroller within existing wireless communication devices (e.g. cellular telephones). For instance, each exponentiation in a Diffie-Hellman key exchange may require two or three minutes within a cellular telephone, forcing an OTASP session to take four to six minutes. This six minutes would essentially be dead time in which the new subscriber and carrier would have to wait for voice or message privacy before the subscriber provided important personal information such as a credit card number.
RSA OTASP uses an encryption exponent of three (e=3) to reduce the processing load on a cellular telephone and significantly reduce activation time although the effect of using low exponent encryption on the security of RSA is unclear. Both OTASP Public-Key algorithms use a 512-bit modulus which is considered small for applications such as PGP (Pretty Good Privacy) and PEM (Privacy Enhanced Mail) but reduces time required for key exchange. An increase in the modulus size would significantly increase the time required for OTASP.
RSA uses a modulus that is the product of two large prime numbers. The security of RSA is based on the difficulty in factoring large numbers. Diffie-Hellman key exchange uses a single large prime number as the modulus. The security of Diffie-Hellman key exchange is dependent upon the inability of an attacker to compute the discrete log of a large number. As factoring techniques and computer processing power increase, however, the minimnum modulus size for these algorithms will have to increase in order to maintain the same level of security. As a result, the standard for these Public-Key OTASP cellular telephones will have to change to accommodate the larger message formats, causing incompatibilities between older and newer cellular telephones.
In these systems, each wireless communication device is required to perform computational intensive exponentiations. In order to reduce exponentiation time and alleviate the main CPU from excessive work, an Arithmetic Processing Unit (ALU) or Public-Key Digital Signal Processor (DSP) may be added to the device, increasing unit cost. Each wireless communication device may also use a dedicated Random Number Generator (RNG) chip to provide the secure random number generation required by Diffie-Hellman, increasing unit cost. Also, the additional hardware may reduce the battery life and performance of the devices. Additional hardware may be required at the switch to perform random number generation and exponentiation.
Systems and methods consistent with the present invention efficiently and securely perform over the air service provisioning of cellular telephones and other wireless communication devices. To ensure security, an authentication key used to activate the wireless device is never transmitted over the air. In addition, mutual authentication is performed between the wireless communication device and the service provider using an embedded private-key algorithm to ensure proper authentication key transfer.
To obtain the advantages of, and in accordance with the purpose of the invention, as embodied and broadly described herein, a method for activating a wireless communication device includes the steps of transmitting from the wireless communication device an identifier corresponding to an encrypted authentication key stored in the wireless communication device, receiving a mask at the wireless communication device in response to the transmission of the identifier, and recovering an authentication key for activating the wireless communication device by applying the mask to the encrypted authentication key.
Both the foregoing general description and the following detailed description provide examples and explanations only. They do not restrict the claimed invention.