The present invention relates to an authentication method by which a communication processing unit, such as a base station or card reader in a mobile telecommunication system or IC card system, authenticates a communication terminal connected thereto, such as a terminal or IC card, when the communication processing unit grants a service requested by the communication terminal. The invention also pertains to a communication terminal and a communication processing unit using the authentication method.
FIGS. 1A and 1B show, by way of example, systems to which the present invention is applied. In FIG. 1A, each communication terminal 10 is connected via a communication channel 40 to a communication processing unit 20, which is connected via a communication channel 50 to a memory 30. The communication channel 40 is a radio or wired channel. When the communication channel 40 is a radio channel, the system is, for example, a mobile telecommunication system, in which case the communication terminal 10 is a mobile station or portable station and the communication processing unit 20 is a base station or switching center. For instance, in the case of a personal communication system using an ordinary terminal, the communication channel 40 is a wired channel and the communication terminal 10 is a combination of a registered IC card owned by a user and a telephone set into which the user inserts the IC card to receive his requested service, and the communication processing unit 20 is an exchange or switch. In these cases, the communication processing unit grants requested communication services after authenticating the validity of the mobile station, the portable station and the user. As depicted in FIG. 1B, in an IC card system, the communication terminal 10 corresponds to an IC card and the communication processing unit 20 a card reader which reads out and writes data in the IC card inserted thereinto. The card reader grants a service using the IC card after making a check to see if the IC card inserted thereinto is valid.
FIG. 2 shows an authentication method that has been used in these systems. The communication terminal 10 is a terminal such as a telephone, mobile station, portable station or IC card. The communication processing unit 20 is a base station or exchange in a mobile telecommunication system, for example, or an IC card reader. The memory 30 is, for instance, a database which stores information on the communication terminal 10 represented by its authentication key. In the following description an expression in the form of A[B] will mean a computation for enciphering information B by a key A, and to decode a signal A[B] will mean to obtain information B through computation using the key A.
The communication terminals are each preassigned identification information ID and a secret authentication key Ka, and the authentication key Ka of each communication terminal 10 is prestored in the memory 30 in correspondence with the identification information ID. At first, the communication terminal 10 transmits a service request signal SR1 containing the identification information ID (step S1). This corresponds to, for example, the transmission of a call originating signal from a portable station used as the communication terminal 10 when it originates a call. Upon receiving the service request signal SR1, the communication processing unit 20 sends the signal SR1 to the memory 30 and requests it to send the authentication key Ka for authenticating the communication terminal 10, that is, the same authentication key Ka as that which the communication terminal 10 stores in secrecy (step S2). The memory 30 reads out the requested authentication key Ka on the basis of the identification information ID in the received service request signal SR1 and sends it to the communication processing unit 20 (step S3). Upon receiving the authentication key Ka from the memory 30, the communication processing unit 20 generates a random number R1 in step S4 and transmits it as an authentication request signal to the communication terminal 10 in step S5. Having received the random number R1, the communication terminal 10 enciphers the random number R1 by use of the authentication key Ka in step S6 and returns the enciphered signal Ka[R1] as an authentication response signal to the communication processing unit 20 in step S7. Then, in step S8 the communication processing unit 20 deciphers the signal Ka[R1], using the authentication key Ka (step S8a) and checks the deciphered signal R1 against the random number R1 previously transmitted to the communication terminal 10 (step S8b).
When they match, the communication processing unit 20 decides that the communication terminal 10 is a valid user, and authorizes the requested service to start.
Likewise, when a second service request is made during the above-mentioned service, for instance for handover during communication or hand-off during conversation, or when a second service is requested after the above-mentioned service has finished, a second service request signal SR2 containing the identification information ID is sent to the communication processing unit 20 (step S11), after which the communication terminal 10 is authenticated using exactly the same procedure (steps S12 through S18) as that for the first service request signal SR1.
With the above-described prior art, upon each occurrence of a service request, the communication processing unit 20 needs to acquire the authentication key Ka from the memory 30, and hence the authentication process takes correspondingly longer. This has the drawback of increasing the delay before communication starts or a channel is connected.
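The prior-art exchange of steps S1 through S8, and the key fetch it repeats for every service request, can be traced in the following sketch, which is an added example and not part of the original text. The text does not name the cipher behind A[B], so a 4-round Feistel construction keyed through HMAC-SHA256 stands in for it; the class names, the identifier "ID-0001" and the lookup counter are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-in for the unspecified cipher A[B]: 4-round Feistel over a 16-byte
# block with HMAC-SHA256 as round function. Illustration only, not vetted.
def _f(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encipher(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decipher(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

class Memory:                      # memory 30: maps ID -> Ka
    def __init__(self, keys):
        self.keys, self.lookups = dict(keys), 0
    def get_key(self, ident):      # steps S2-S3, counted per request
        self.lookups += 1
        return self.keys.get(ident)

class Terminal:                    # communication terminal 10
    def __init__(self, ident, ka):
        self.ident, self.ka = ident, ka
    def respond(self, r1):         # steps S6-S7: return Ka[R1]
        return encipher(self.ka, r1)

class ProcessingUnit:              # communication processing unit 20
    def __init__(self, memory):
        self.memory = memory
    def authenticate(self, terminal):
        ka = self.memory.get_key(terminal.ident)   # S1-S3: ID in, Ka out
        if ka is None:
            return False                           # unknown ID
        r1 = secrets.token_bytes(16)               # S4: fresh random R1
        reply = terminal.respond(r1)               # S5-S7
        return hmac.compare_digest(decipher(ka, reply), r1)  # S8a, S8b

def run_demo():
    ka = secrets.token_bytes(16)                   # constructed sample key
    memory = Memory({"ID-0001": ka})
    unit = ProcessingUnit(memory)
    valid = Terminal("ID-0001", ka)
    forged = Terminal("ID-0001", secrets.token_bytes(16))  # right ID, wrong Ka
    results = [unit.authenticate(t) for t in (valid, valid, forged)]
    return results, memory.lookups                 # one lookup per request
```

The second call for the valid terminal plays the role of SR2: it succeeds, but only after another round trip to the memory, which is the delay the text identifies.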