Abstract: A processing system that is accessible via a number of speech transmission media. Access to the processing system may be made via a mobile radiotelephone, land line telephone, acoustic link or datalink. Access to programs, files and data is based upon the security of the communication media and authentication of the user.

Abstract: The apparatus (101, 110) and method for authentication is provided by generating R and encrypting it using a selected algorithm K as the key in a primary station, encrypting the verification key, V using R as the key and encrypting the result using K as the key, transmitting both pieces of information (VAR1 and VAR3) to the secondary station (110), using K to decrypt VAR1 and VAR3 to obtain R and eventually V which is encrypted using R in the secondary station (110)verifying authenticity of the primary station (101) if the decrypted V matches the secret key portion of V that is stored at the secondary station (110).

Abstract: A method and apparatus for authentication between a subscriber unit and a communication unit is provided. The authentication process includes: maintaining an historic non-arbitrary value in the subscriber unit, generating an authentication message in the subscriber unit as a function of at least part of the historic non-arbitrary value, and transmitting the authentication message to the communication unit. In addition, the authentication process includes: receiving an authentication message at a communication unit, maintaining an historic non-arbitrary value in the communication unit, and determining, in the communication unit, through the use of the received authentication message and the maintained historic non-arbitrary value, whether a received service request is authentic.

Abstract: Blind access (100, 300, 400) to a desired encryption key of a predetermined first group member is provided to a second group. The first group encrypts a plurality of first group member encryption keys using a predetermined algorithm and transfers to the second group, the encrypted plurality of first group member encryption keys with corresponding unencrypted first group member identification fields, IDs, and a list of IDs corresponding to the first group members. The desired ID-free encryption key is selected and encrypted by the second group using a predetermined algorithm. The doubly encrypted key is transferred to the first group, decrypted by the first group and transferred to the second group for decryption. Thus, the encryption key is provided without knowledge to the first group of which member's encryption key is being examined and with knowledge to the second group of only the desired encryption key.

Abstract: A method and apparatus for authenticating a roaming subscriber. In a preferred embodiment, a subscriber receives a challenge that is in a format of a local authentication protocol, and determines whether the local authentication protocol is the subscriber's home system authentication protocol. If it is not, the subscriber converts the challenge into a format (e.g., bit length) compatible with its home system authentication protocol, and processes the converted challenge with the subscriber's secret key and authentication algorithm into an authentication response. The authentication response is converted to be compatible with the local authentication protocol, and transmitted to a local system communication unit. The challenge and response is then forwarded to the subscriber's home system for similar conversion and processing, and subscriber's response is compared against a home system generated response.

Abstract: A communication system (100) employs a method of messaging between a subscriber unit (105) and an infrastructure communication center (101). A messaging key associated with a subscriber unit reference number is provided (203, 403) to the subscriber unit (105) and to the infrastructure communication center (101). An authentication key and/or an identifier for the subscriber unit (105) is then produced (300, 407) by either the subscriber unit (105) or the infrastructure communication center (101). The authentication key and/or the identifier is encrypted (207, 413) with the messaging key and is subsequently communicated (209, 415) between the subscriber unit (105) and the infrastructure communication center (101).

Abstract: Radio frequency based cellular telecommunication systems often require both subscriber units and communication units of a fixed network communication system to maintain secret data which may be used to verify authenticity as well as provide encrypting variables for message encryption processes. An efficient real-time authentication method and apparatus are provided which use a single message to provide authentication and communication link setup information. Further, an authentication method and apparatus are provided which uses instant-specific information such as a time of day, radio frequency carrier frequency, a time slot number, a radio port number, access manager identifier, a radio port control unit identifier, or a base site controller identifier to enhance the reliability of the authentication process.

Abstract: A method of secure key distribution in a communication system having a plurality of subscriber units and an infrastructure communication center is provided. A first subscriber unit sends a request to the infrastructure communication center for a secure communication link with a second subscriber unit. This request includes an encrypted session encryption key which was encrypted with a first subscriber registration key. The infrastructure communication center decrypts the encrypted session encryption key with the first subscriber registration key. Subsequently, the infrastructure communication center re-encrypts the session encryption key with a second subscriber registration key. This re-encrypted session encryption key is sent to the second subscriber unit. In an alternative method, the first subscriber unit and the infrastructure communication center a priori know a session key.

Abstract: A method and apparatus for generating a pseudo-random bit sequence is provided. A first input bit is determined as a function of bits stored in a shift register in accordance with a first feedback algorithm. In addition, a second input bit is determined as a function of bits stored in the shift register in accordance with a second feedback algorithm. Subsequently, a particular input bit to be provided to the shift register is deterministically selected from the group consisting of the first input bit and the second input bit such that a non-linear pseudo random sequence may be produced by the shift register. In addition, a communication unit which utilizes the pseudo-random bit sequence in encrypting a signal to be transmitted and decrypting a received signal is described.

Abstract: A method and apparatus for providing cryptographic protection of a data stream are described in accordance with the Open Systems Interconnection (OSI) model for a communication system. This cryptographic protection is accomplished on the transmitting side by assigning a packet sequence number to a packet derived from a data stream received from a network layer. Subsequently, a transmit overflow sequence number is updated as a function of the packet sequence number. Then, prior to communicating the packet and the packet sequence number on a physical layer, the packet is encrypted as a function of the packet sequence number and the transmit overflow sequence number. On the receiving side, the packet sequence number is extracted from the physical layer. In addition, a receive overflow sequence number is updated as a function of the packet sequence number. Finally, the encrypted packet is decrypted as a function of the packet sequence number and the receive overflow sequence number.

Abstract: Radio frequency based cellular telecommuication systems often require a subscriber (10) to maintain a proprietary identifier (19) or serial number (18) which is transmitted to a fixed network communication unit (20) to verify the authenticity of the subscriber (10). An enciphering and call sequencing method and apparatus are provided which can decrease unauthorized detection of these proprietary ID's (18, 19). This method and apparatus permit efficient roaming by allowing authentication variables for multiple calls to be sent from the "home" system (20) to the "visted" system and stored by the "visted" system for use with subsequent calls. Further, a method and apparatus are provided which force the authenticating mobile (10) to use information that only it has available to itself.

Abstract: An electronic wallet includes memory for storing at least a balance corresponding to an account in a financial institution, and a selective call receiver for receiving a wireless message transmitted from a remote transmitter, the wireless message including financial information relating to the balance for confirming a financial transaction with the financial institution. A controller, coupled to the memory and to the receiver, can update the balance in the memory in response to the wireless message.communication system enters financial transactions into the communication system from one of a plurality of associated portable data devices, and updates the financial transactions from the communication system to the one and to at least a second of the plurality of associated portable data devices via wireless message communication from at least one remote transmitter.

Abstract: The present invention discloses a method of protecting a pseudorandom (PN) signal generated by a linear Feedback Shift Register (LFSR) from cryptographic attack. This is accomplished by first receiving a PN output signal generated by an LFSR, or by clocking an LFSR to produce a PN output signal. Thereafter, non-linearity is deterministically introduced into the PN signal to produce a deterministic bit pattern. According to the suggested embodiments, the introduction of non-linearity is accomplished by altering at least one bit of the PN signal sequence. Next, the deterministic bit pattern is substituted in place of the LFSR PN signal, thereby protecting the PN signal from cryptographic attack.