Abstract: A method and/or system for validating subscribers includes an insecure communications network, such as, an IS-41 wireless telephone network connecting a plurality of telephone switches. A subscriber or user of the system enters a sequence of digits, namely, a random PIN (personal identification number), and a telephone number of whom he wishes to call. The random PIN provides effectively a “digital signature” to the telephone number. A second number is dialed to effect call completion. An authentication center exists which authenticates the user by verifying the digital signature and updating a user profile to permit a call only to the telephone number in the sequence dialed by the user. The profile is sent to the serving switch which permits calls only to the destination in the profile. This technique eliminates fraudulent users from stealing telephone identities, “cloning” phones and placing calls. Calls are optionally completed only to destinations that have been validated.

Abstract: A cryptography-based entity authentication device (EAD) operated by a remote entity located at a subscriber site enables a telephone switch or computer system to identify and verify the authenticity of the entity. In one embodiment, the EAD encrypts a random digital sequence transmitted by a host facility and returns the encrypted signal to the host for comparison with another encryption signal generated locally by the host. If a match is detected, this serves as confirmation that the remote entity possesses the same encryption key as the host, therefore verifying the authenticity of the remote entity. Otherwise, the entity is deemed fraudulent and access is denied. In another embodiment, the host and subscriber site each include a respective time generation means which are maintained in relative time synchronicity. The EAD generates and encrypts a time signal for comparison with another encrypted time signal generated locally by the host.