Personal subscriber stations such as cellular telephones or other Personal Communication System (PCS) equipment are commonly used to communicate with other parties via a wireless communications system, such as a cellular telephone network. The ability of a personal subscriber station to access and properly operate within a wireless communications system depends in large part upon certain unique, and often secret, operational information which is programmed into each subscriber station prior to activation of wireless service, or initial use of the equipment within the wireless system. Generally, this operational information is used for such things as "authentication" of the subscriber station. Authentication is a procedure whereby information is exchanged between a subscriber station and a base station for purposes of enabling the base station to confirm the identity, or validity, of the subscriber station. A standardized method for authenticating a cellular subscriber station has been established by the Telecommunications Industry Association (TIA). This procedure is described in EIA/TIA Interim Standard IS-54 (IS-54) and TIA/EIA Telecommunications Systems Bulletin TSB50 (TSB50), both of which are hereby incorporated herein by reference.
A successful outcome of the authentication process generally occurs only when it can be demonstrated that the subscriber station and the base station process identical sets of Shared Secret Data (SSD). This Shared Secret Data is generally a multi-bit pattern stored in semi-permanent memory of the subscriber station. It is, however, known to the Base Station and is calculated, or derived, based upon certain information which may include operational information unique to the subscriber station. One method of deriving SSD is more thoroughly disclosed in TIA IS-54.
Operational information may include such things as a Mobile Identification Number (MIN), or a Personal Identification Number (PIN), sometimes referred to as "A-Key". A Mobile Identification Number generally refers to the directory telephone number assigned to the particular subscriber unit and is considered non-secret. The Personal Identification Number on the other hand is a secret number which is managed by the Home Service Operator for each subscriber station. The PIN is intended primarily for use in "authenticating" the subscriber station. Both the PIN and MIN identities are uniquely assigned to a particular subscriber station which is further distinguished by an Electronic Serial Number (ESN). The ESN may be, for example, a 32-bit binary number which uniquely identifies the subscriber station to any cellular system. It is generally factory-set and is not readily alterable since modification thereof generally requires a special facility not normally available to subscribers. Whereas the ESN and MIN are generally not regarded as secret information, the PIN, or A-Key, is usually considered confidential. This confidentiality, however, may be jeopardized under commonly accepted practices for authenticating a cellular telephone or the like.
Generally, confidential operational information such as A-Key information is generated for a subscriber station only when a new customer, or subscriber, contracts with a wireless communication system operator (Home Service Operator) for wireless service. However, A-Key information may also be generated in those situations when the validity of an active A-Key value is in question.
A procedure for loading confidential A-Key or Authentication information, or the like, into a subscriber station via a numeric keypad, is described in TIA IS-54 and TIA TSB50. Under this procedure, A-Key information or values are usually generated and issued to a new subscriber by a Home Service Operator. The A-Key value information is then delivered to the new subscriber, in printed form, either at the point of sale by an agent of the Home Service Operator or via the postal service. With reference to FIG. 2, once the "A-Key" value information is received by a subscriber, the information must be manually entered, or programmed, via a keypad (23) into the subscriber station (20) during a special programming mode of the subscriber station. This information is then stored in the A-Key register (21).
Under the procedure for loading authentication information into a subscriber station described in IS-54 And TSB50, the confidential authentication information is, at best, only minimally secure from the risk of theft or pirating. This is due, in part, to the fact that operational personnel involved in generating, issuing, printing and mailing authentication information to subscribers, have access to the authentication information and ample opportunity to pirate the information during the course carrying out their duties. Further, by mailing authentication information to a subscriber, there exists the additional risk that the authentication information can be intercepted, or retrieved from the mail, by an unauthorized party. The stolen authentication information could then be loaded into a "clone" or "pirate" subscriber station, while the printed material disclosing the authentication information is re-mailed or otherwise allowed to reach the legitimate subscriber who would have no immediate knowledge that this confidential operational information had been pirated.
Other disadvantages of this method of generating and entering authentication information include the fact that the manual entry of, for instance, a 26 digit authentication number into a subscriber station can be awkward or burdensome for a user. Further, if an error is made during the manual entry of the authentication number the entire authentication number must be re-entered, since it is not possible to correct only the erroneously entered digit or digits.