HK1091061A - Local authentication in a communication system - Google Patents
- Publication number: HK1091061A (application HK06111592.3A)
- Authority: HK (Hong Kong)
- Prior art keywords: signature, mobile unit, subscriber identification, identification device, secret key
Description
The present application is a divisional application of the patent application having an international filing date of 27/12/2001, international application number PCT/US01/50643, a national filing date of 27/12/2001, national application number 01822505.5, and the title "Local authentication in a communication system".
Technical Field
The present invention relates to communication systems, and more particularly to local authentication of subscribers of a communication system.
Background
The field of wireless communications has many applications including, for example, cordless telephones, pagers, wireless local loops, Personal Digital Assistants (PDAs), internet telephones, and satellite communication systems. A particularly important application is cellular telephone systems for mobile subscribers. (As used herein, the term "cellular" system encompasses both cellular and Personal Communications Service (PCS) frequencies.) Various radio interfaces have been developed for such cellular telephone systems including, for example, Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), and Code Division Multiple Access (CDMA). In connection therewith, various national and international standards have been established, including, for example, Advanced Mobile Phone Service (AMPS), Global System for Mobile communications (GSM), and Interim Standard 95 (IS-95). In particular, IS-95 and its derivatives, IS-95A, IS-95B, ANSI J-STD-008 (generally referred to collectively as IS-95), and proposed high data rate systems, among others, are promulgated by the Telecommunications Industry Association (TIA) and other well-known standards bodies.
Cellular telephone systems configured pursuant to the IS-95 standard employ CDMA signal processing techniques to provide highly efficient and highly robust cellular telephone service. Exemplary cellular telephone systems configured substantially in accordance with the IS-95 standard are described in U.S. patent nos. 5103459 and 4901307, which are assigned to the assignee of the present invention and are incorporated herein by reference in their entirety. An exemplary system utilizing CDMA technology is the cdma2000 ITU-R Radio Transmission Technology (RTT) Candidate Submission (referred to herein as cdma2000), promulgated by the TIA. The standard for cdma2000 is given in the draft versions of IS-2000 and has been approved by the TIA. The cdma2000 proposal is compatible with IS-95 systems in many respects. Another CDMA standard is the W-CDMA standard, as embodied in Third Generation Partnership Project (3GPP) document Nos. 3G TS 25.211, 3G TS 25.212, 3G TS 25.213, and 3G TS 25.214.
Due to the ubiquitous proliferation of telecommunication services and the increased mobility of the general population in most parts of the world, it is desirable to provide communication services to subscribers when they travel outside their home system. One way of meeting this need is the use of identification tokens, such as Subscriber Identity Modules (SIMs) in GSM systems, where subscribers are assigned SIM cards that can be inserted into GSM phones. The SIM card carries billing information identifying the party that inserted it into the mobile telephone. The next generation of SIM cards has been renamed USIM (UMTS SIM) cards. In CDMA systems, the identification token is referred to as a Removable User Identity Module (R-UIM) and accomplishes the same purpose. The use of such an identification token allows the subscriber to travel without his or her personal mobile phone, which may be configured to operate on a frequency not used in the visited environment, and to use a locally available mobile phone without incurring the expense of establishing a new account.
Although convenient, the use of such tokens for accessing subscriber account information may not be secure. Currently, such identification tokens are programmed to send private information, such as an encryption key used for message encryption or an authentication key for identifying the subscriber, to the mobile phone. A person attempting to steal account information may accomplish his or her purpose by programming the mobile phone to retain private information after the identification token has been removed, or to send private information to another storage unit during legitimate use of the mobile phone. A mobile phone tampered with in this way will be referred to below as a "rogue shell". Thus, there is a need to preserve the security of private information stored on an identification token while still facilitating the use of the private information to access communication services.
Disclosure of Invention
A novel method and apparatus for providing secure authentication for subscribers roaming outside their home system is presented. In one aspect, a subscriber identification token is configured to provide authentication support for a mobile unit, wherein the mobile unit passes information to the subscriber identification token for transformation by a key.
In another aspect, a subscriber identification apparatus is presented, comprising: a key generation element; and a signature generator configured to receive a private key from a key generation element and a first signature from a mobile unit, and further configured to output a second signature to the mobile unit, wherein the second signature is generated from the private key and the first signature.
In another aspect, an apparatus for providing secure local authentication for a subscriber in a communication system is presented, comprising a subscriber identification apparatus configured to interact with a communication apparatus, wherein the subscriber identification apparatus comprises: a key generator for generating a plurality of keys from a received value and a secret value, wherein at least one communication key from the plurality of keys is communicated to the communication apparatus and at least one private key from the plurality of keys is not communicated to the communication apparatus; and a signature generator for generating an authentication signal from both the at least one private key and an authentication message, wherein the authentication message is generated by the communication apparatus using the at least one communication key.
In another aspect, a method of providing authentication for a subscriber with a subscriber identification device is presented, comprising: generating a plurality of keys; sending at least one key from the plurality of keys to a communication device communicatively coupled to the subscriber identification device and keeping at least one key from the plurality of keys private; generating a signature at the communication device from both the at least one sent key and the message to be transmitted by the communication device; sending the signature to the subscriber identification device; receiving the signature at the subscriber identification device; generating a master signature from the received signature and the at least one key kept private; and transmitting the master signature to the communication system.
Drawings
Fig. 1 is a diagram of an exemplary data communication system.
Fig. 2 is a diagram of a communication exchange between elements in a wireless communication system.
Fig. 3 is a diagram of an embodiment in which a subscriber identification token provides cryptographic support for a mobile unit.
Detailed Description
As shown in fig. 1, a wireless communication network 10 generally includes a plurality of mobile stations (also referred to as subscriber units or user equipment) 12a-12d, a plurality of base stations (also referred to as Base Transceiver Stations (BTSs) or Node Bs) 14a-14c, a Base Station Controller (BSC) (also referred to as a radio network controller or packet control function) 16, a Mobile Switching Center (MSC) or switch 18, a Packet Data Serving Node (PDSN) or internetworking function (IWF) 20, a Public Switched Telephone Network (PSTN) 22 (typically a telephone company), and an Internet Protocol (IP) network 24 (typically the internet). For simplicity, four mobile stations 12a-12d, three base stations 14a-14c, one BSC 16, one MSC 18, and one PDSN 20 are shown. Those skilled in the art will appreciate that there may be any number of mobile stations 12, base stations 14, BSCs 16, MSCs 18, and PDSNs 20.
In one embodiment, the wireless communication network 10 is a packet data service network. The mobile stations 12a-12d may be any of a number of different types of wireless communication devices such as a portable telephone, a cellular telephone that is connected to a laptop computer running an IP-based Web browser application, a cellular telephone with an associated hands-free car kit, a Personal Digital Assistant (PDA) running an IP-based Web browser application, a wireless communication module incorporated into a portable computer, or a local communication module such as found in an internal wireless local loop or meter reading system. In the most general embodiment, the mobile station may be any type of communication unit.
The mobile stations 12a-12d may be configured to execute one or more wireless packet data protocols, such as those described in the EIA/TIA/IS-707 standard. In particular embodiments, mobile stations 12a-12d generate IP packets that are directed to IP network 24 and encapsulate the IP packets within frames using a point-to-point protocol (PPP).
In one embodiment, the IP network 24 is coupled to the PDSN 20, the PDSN 20 is coupled to the MSC 18, the MSC 18 is coupled to the BSC 16 and the PSTN 22, and the BSC 16 is coupled to the base stations 14a-14c, all via wirelines configured to transmit voice and/or data packets according to any of several known protocols, including, for example, E1, T1, Asynchronous Transfer Mode (ATM), IP, Frame Relay, HDSL, ADSL, or xDSL. In an alternative embodiment, the BSC 16 is coupled directly to the PDSN 20, and the MSC 18 is not coupled to the PDSN 20. In another embodiment of the present invention, the mobile stations 12a-12d communicate with the base stations 14a-14c over an RF interface defined in Third Generation Partnership Project 2 (3GPP2), "Physical Layer Standard for cdma2000 Spread Spectrum Systems," 3GPP2 document No. C.P0002-A, TIA PN-4694 (draft, revision 30, 11/19/1999), to be published as TIA/EIA/IS-2000-2-A, which is incorporated herein by reference in its entirety.
During normal operation of the wireless communication network 10, the base stations 14a-14c receive and demodulate sets of reverse link signals from respective mobile stations 12a-12d involved in a telephone call, Web browsing, or other data communication. Each reverse link signal received by a given base station 14a-14c is processed within that base station 14a-14c. Each base station 14a-14c may communicate with a plurality of mobile stations 12a-12d by modulating and transmitting sets of forward link signals to the mobile stations 12a-12d. For example, as shown in fig. 1, the base station 14a communicates with first and second mobile stations 12a, 12b simultaneously, and the base station 14c communicates with third and fourth mobile stations 12c, 12d simultaneously. The resulting packets are forwarded to the BSC 16, which provides call resource allocation and mobility management functions, including directing soft handoff of a call for a particular mobile station 12a-12d from one base station 14a-14c to another base station 14a-14c. For example, the mobile station 12c communicates with two base stations 14b, 14c simultaneously. Eventually, when the mobile station 12c moves far enough away from one of the base stations 14c, the call will be handed off to the other base station 14b.
If the transmission is a conventional telephone call, the BSC 16 will route the received data to the MSC 18, which provides additional routing services to interface with the PSTN 22. If the transmission is a packet-based transmission, such as a data call directed to the IP network 24, the MSC 18 will route the data packet to the PDSN 20, which will send the packet to the IP network 24. Alternatively, the BSC 16 may route the packets directly to the PDSN 20, which sends the packets to the IP network 24.
Fig. 2 illustrates a method of providing authentication for a subscriber with a mobile telephone in a wireless communication system. A subscriber traveling outside his or her Home System (HS) 200 uses a mobile unit 220 in a Visited System (VS) 210. The subscriber uses the mobile unit 220 by inserting a subscriber identification token. Such a subscriber identification token is configured to generate encryption and authentication information, allowing the subscriber to access account services without having to establish a new account with the visited system. A request for service (not shown) is sent from the mobile unit 220 to the VS 210. The VS 210 contacts the HS 200 to determine the service to be provided to the subscriber (not shown).
The HS 200 generates a random number 240 and an expected response (XRES) 270 from its knowledge of the private information held on the subscriber identification token. The random number 240 serves as a challenge: the intended recipient uses the random number 240 and its private knowledge to generate an acknowledgement response that matches the expected response 270. The random number 240 and XRES 270 are sent from the HS 200 to the VS 210. Other information not relevant here is also sent (not shown in the figure). The communication between the HS 200 and the VS 210 is simplified relative to the arrangement shown in FIG. 1. The VS 210 sends the random number 240 to the mobile unit 220 and waits until an acknowledgement message 260 is sent from the mobile unit 220. The acknowledgement message 260 and XRES 270 are compared at comparison element 280 of the VS 210. If the acknowledgement message 260 and XRES 270 match, the VS 210 continues to serve the mobile unit 220.
The mobile unit 220 sends the random number 240 to the subscriber identification token 230, which has been inserted into the mobile unit 220 by the subscriber. A security key 300 is stored on the subscriber identification token 230. Both the security key 300 and the random number 240 are used by a key generator 250 to generate the acknowledgement message 260, an encryption key (CK) 290 and an Integrity Key (IK) 310. The CK 290 and IK 310 are transmitted to the mobile unit 220.
At the mobile unit 220, the CK 290 can be used to encrypt communications between the mobile unit 220 and the VS 210 so that the communications can be decrypted only by the recipient to whom the message is directed. Techniques for encrypting communications using encryption keys are described in pending U.S. patent application 09/143,441, filed on 28.8.1998, entitled "Method and Apparatus for Generating Encryption Stream Ciphers", assigned to the assignee of the present invention and incorporated herein by reference. It should be noted that other encryption techniques may also be used without affecting the scope of the embodiments described herein.
The IK 310 can be used to generate a Message Authentication Code (MAC) that is appended to a transmitted message frame in order to verify that the frame originated from a particular party and that the message has not been altered during transmission. Techniques for generating a MAC are described in pending U.S. patent application No. 09/371,147, filed on 9.8.1999, entitled "Method and Apparatus for Generating a Message Authentication Code", assigned to the assignee of the present invention and incorporated herein by reference. It should be noted that other techniques for generating an authentication code may also be used without affecting the scope of the embodiments described herein.
Alternatively, the IK 310 may be used to generate an authentication signature 340 based on specific information sent separately from or together with the transmitted message. Techniques for generating authentication signatures are described in U.S. patent No. 5,943,615, entitled "Method and Apparatus for Providing Authentication Security in a Wireless Communication System," assigned to the assignee of the present invention and incorporated herein by reference. The authentication signature 340 is the output of a hash element 330, which combines the IK 310 with the message 350 from the mobile unit 220. The authentication signature 340 and message 350 are sent over the air to the VS 210.
As shown in fig. 2, the encryption key 290 and the integrity key 310 are sent from the subscriber identification token 230 to the mobile unit 220, which proceeds to generate data frames for transmission over the air. While this technique may prevent an eavesdropper from determining the value of such a key over the air, it does not protect against rogue shell attacks. A rogue shell may be programmed to receive the CK 290 and IK 310 and then store the keys rather than purge them from local memory. Another method of stealing keys is to program the mobile unit 220 to send the received keys to another location. The CK 290 and IK 310 can then be used to fraudulently bill the subscriber for unauthorized communications. This rogue shell attack is particularly effective in systems where the random numbers generated at the home system 200 are used in an insecure manner, such as when the same generated keys are used for an extended period of time.
Another embodiment for protecting against rogue shell attacks uses a processor and memory in the subscriber identification token to generate an electronic signature that cannot be reproduced by the mobile unit without inserting the subscriber identification token.
Fig. 3 illustrates an embodiment providing local authentication for a subscriber in a wireless communication system. In this embodiment, the subscriber identification token 230 is programmed to generate an authentication response based on a key that is not passed to the mobile unit 220. Thus, if the mobile unit used by the subscriber is a rogue shell, the rogue shell cannot recreate the proper authentication response.
Similar to the method described in fig. 2, the mobile unit 220 generates a signature signal based on the IK 310 received from the subscriber identification token 230 and the message to be sent to the VS 210. However, in the exemplary embodiment, the signature signal is not passed to the VS. The signature signal is passed to the subscriber identification token 230 and is used together with the additional key to generate a primary signature signal. The primary signature signal is sent to the mobile unit 220, which in turn sends the primary signature signal to the VS 210 for authentication purposes.
The HS 200 generates a random number 240 and an expected response (XRES) 270 based on its knowledge of the private information held on the subscriber identification token 230. The random number 240 and XRES 270 are sent to the VS 210. The communication between the HS 200 and the VS 210 is simplified relative to the arrangement shown in FIG. 1. The VS 210 sends the random number 240 to the mobile unit 220 and waits for an acknowledgement message 260 to be sent from the mobile unit 220. The acknowledgement message 260 and XRES 270 are compared at comparison element 280 of the VS 210. If the acknowledgement message 260 and XRES 270 match, the VS 210 continues to serve the mobile unit 220.
The mobile unit 220 communicates the random number 240 to the subscriber identification token 230, which has been electrically coupled to the mobile unit 220 by the subscriber. The security key 300 is stored on the subscriber identification token 230. Both the security key 300 and the random number 240 are used by the key generator 250 to generate the acknowledgement message 260, an encryption key (CK) 290, an Integrity Key (IK) 310, and a UIM Authentication Key (UAK) 320. The CK 290 and IK 310 are transmitted to the mobile unit 220; the UAK 320 is not.
At the mobile unit 220, the CK 290 is used to encrypt transmission data frames (not shown in fig. 3). The IK 310 is used to generate a signature signal 340. The signature signal 340 is the output of the signature generator 400, which applies an encryption operation or a one-way operation, such as a hash function, to the IK 310 and the message from the mobile unit 220. The signature signal 340 is sent to the subscriber identification token 230. At the subscriber identification token 230, the signature signal 340 and the UAK 320 are processed by the signature generator 360 to generate a primary signature signal 370. The primary signature signal 370 is sent to the mobile unit 220 and on to the VS 210, where the verification element 380 authenticates the identity of the subscriber. The verification element 380 may complete the verification by regenerating both the signature signal 340 and the primary signature signal 370. Alternatively, the verification element 380 may receive the signature signal from the mobile unit 220 and regenerate only the primary signature signal 370.
The regeneration of the signature signal 340 and the primary signature signal 370 at the VS 210 may be accomplished by a variety of techniques. In one embodiment, the verification element 380 receives the UAK 390 and the integrity key from the home system 200. When the verification element 380 also receives the message 350 from the mobile unit 220, the signature signal can be regenerated and then used to regenerate the primary signature signal.
The signature generator 360 within the subscriber identification token 230 may include a memory and a processor, where the processor may be configured to compute the output using a variety of techniques. These techniques may take the form of encryption techniques, hash functions, or any irreversible operation. As an example, one technique that may be implemented by subscriber identification tokens is the Secure Hash Algorithm (SHA), promulgated in Federal Information Processing Standard (FIPS) PUB 186, "Digital Signature Standard," May 1994. Another technique that may be performed by the subscriber identification token is the Data Encryption Standard (DES), promulgated in FIPS PUB 46, January 1977. The use of the term "encryption" herein does not necessarily imply a reversible operation; in the embodiments described herein the operation need not be reversible.
The key generator 250 may also include a memory and a processor. Indeed, in one embodiment, a single processor is configured to perform the functions of both the signature generator 360 and the key generator 250. Verification is performed by computing the same result from the same inputs at the verification element 380 and comparing the computed value with the value that was sent.
The subscriber identification token used in a CDMA system or a GSM system, referred to as an R-UIM or a USIM respectively, may be configured to generate the primary signature signal 370 in the manner described above for every message, i.e., all messages generated by the mobile unit are encrypted and authenticated. However, since the central processing unit in such tokens may be limited, it may be desirable to implement other embodiments in which importance weights are assigned to message frames so that only important messages are securely encrypted and authenticated. For example, a message frame containing billing information may require more security than a message frame containing a voice payload. Thus, the mobile unit may assign a greater importance weight to billing message frames and a lesser importance weight to voice message frames. When the subscriber identification token receives the signature signals generated from these weighted messages, its CPU may evaluate the importance weight attached to each signature signal and compute the primary signature signal only for the heavily weighted signature signals. Alternatively, the mobile unit may be programmed to pass only "important" signature signals to the subscriber identification token. This selective primary signature signal generation increases the efficiency of the subscriber identification token by relieving its processing load.
The above-described embodiments prevent unauthorized use of a subscriber account by requiring a more secure transaction between a subscriber identification token and a mobile unit. A mobile unit programmed to act as a rogue shell cannot steal subscriber information for the wrong purpose because the mobile unit cannot generate the primary signature signal without knowledge of the secret UAK.
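The Fig. 3 exchange and the rogue shell argument above, as an added Python simulation that is not part of the patent: HMAC-SHA256 stands in for the key generator 250 and the signature generators 400 and 360 (an assumption; the patent names SHA and DES), the class and method names are mine, and a Fig. 2-style check that uses only IK is included at the verification element so the two designs can be compared on the same retained-key handset.

```python
import hashlib
import hmac

def _prf(key: bytes, data: bytes) -> bytes:
    # Keyed one-way function used for every derivation and signature below.
    # HMAC-SHA256 is an assumption standing in for the SHA/DES operations the
    # patent names; any keyed one-way function would serve.
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_keys(security_key: bytes, rand: bytes) -> dict:
    # Key generator 250: security key 300 + RAND 240 -> RES 260, CK 290,
    # IK 310 and UAK 320, domain-separated by label.
    return {label: _prf(security_key, label.encode() + rand)
            for label in ("RES", "CK", "IK", "UAK")}

class SubscriberToken:
    # Subscriber identification token 230 (R-UIM/USIM); the UAK never leaves it.
    def __init__(self, security_key: bytes) -> None:
        self._k = security_key
        self._uak = None

    def answer_challenge(self, rand: bytes):
        keys = derive_keys(self._k, rand)
        self._uak = keys["UAK"]                     # kept private on the token
        return keys["RES"], keys["CK"], keys["IK"]  # only these cross to the handset

    def primary_signature(self, signature: bytes) -> bytes:
        # Signature generator 360: primary signature 370 = f(UAK, signature 340).
        return _prf(self._uak, signature)

class MobileUnit:
    # Honest handset 220: holds CK/IK only while the token is inserted.
    def __init__(self, token: SubscriberToken) -> None:
        self.token = token
        self.ck = self.ik = None

    def remove_token(self) -> None:
        self.token = None
        self.ck = self.ik = None                    # purge the session keys

    def respond(self, rand: bytes) -> bytes:
        res, self.ck, self.ik = self.token.answer_challenge(rand)
        return res                                  # acknowledgement message 260

    def sign(self, message: bytes) -> bytes:
        # Signature generator 400: signature 340 over the message with IK.
        return _prf(self.ik, message)

    def send(self, message: bytes):
        # Fig. 3 path: the token turns signature 340 into primary signature 370.
        return message, self.token.primary_signature(self.sign(message))

class RogueShell(MobileUnit):
    # Handset programmed to retain CK/IK after the token has been removed.
    def remove_token(self) -> None:
        self.token = None                           # keys deliberately kept

    def forge(self, message: bytes):
        # IK still yields signature 340, but with no UAK the shell can only
        # substitute something of its own for the token's step.
        return message, _prf(self.ik, self.sign(message))

class VisitedSystem:
    # VS 210 holding XRES 270, IK and UAK 390 obtained from the HS 200.
    def __init__(self, xres: bytes, ik: bytes, uak: bytes) -> None:
        self.xres, self.ik, self.uak = xres, ik, uak

    def check_response(self, res: bytes) -> bool:
        return hmac.compare_digest(res, self.xres)  # comparison element 280

    def verify_fig2(self, message: bytes, signature: bytes) -> bool:
        # Fig. 2 check: only IK is involved, so a retained IK is enough to pass.
        return hmac.compare_digest(_prf(self.ik, message), signature)

    def verify(self, message: bytes, primary: bytes) -> bool:
        # Verification element 380: regenerate 340, then 370, and compare.
        return hmac.compare_digest(_prf(self.uak, _prf(self.ik, message)), primary)

def run_scenario(security_key: bytes = b"constructed 32-byte secret key!!") -> dict:
    # One session for an honest handset, then one for a rogue shell. The HS
    # would draw RAND 240 at random; a constructed value keeps this reproducible.
    rand = b"constructed RAND"
    hs = derive_keys(security_key, rand)            # HS 200 knows the security key
    vs = VisitedSystem(hs["RES"], hs["IK"], hs["UAK"])
    token = SubscriberToken(security_key)

    honest = MobileUnit(token)
    challenge_ok = vs.check_response(honest.respond(rand))
    msg, primary = honest.send(b"constructed billing record")
    honest_ok = vs.verify(msg, primary)
    honest.remove_token()

    rogue = RogueShell(token)
    rogue.respond(rand)                             # legitimately obtains CK/IK
    rogue.remove_token()                            # subscriber takes the token away
    fmsg, fprimary = rogue.forge(b"constructed forged billing record")
    return {
        "challenge_ok": challenge_ok,
        "honest_verified": honest_ok,
        "rogue_keeps_ik": rogue.ik is not None,
        "rogue_passes_fig2": vs.verify_fig2(fmsg, rogue.sign(fmsg)),
        "rogue_verified": vs.verify(fmsg, fprimary),
    }
```

The returned dictionary shows the retained IK is enough for the Fig. 2 check but not for the Fig. 3 verification element, which is exactly the separation the UAK provides.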
The above-described embodiments maximize the processing performance of the subscriber identification token by operating on the signature signal rather than on the message. Generally, the signature signal has a shorter bit length than the message. Thus, less time is required for the signature generator in the subscriber identification token to operate on the signature signal than on the transmitted message frame. As mentioned above, the processing power of the subscriber identification token is typically much lower than that of the mobile unit. Thus, implementations of this embodiment can provide secure authentication of messages without sacrificing speed.
It should be noted, however, that improvements in processor architecture occur almost exponentially. Such improvements include faster processing times and smaller processor sizes. Thus, another embodiment of providing local authentication is achieved in which the primary signature signal is generated directly from the message, rather than indirectly through the short signature signal. The mobile unit may be configured to pass the message directly to the subscriber identification token, which can quickly generate the primary signature signal rather than passing the message to a signature generation element within the mobile unit. In another embodiment, only a limited number of messages need to be passed directly to the subscriber identification token, according to the degree of security required for the messages.
It should be noted that although the various embodiments are described in terms of a wireless communication system, the various embodiments may also provide secure local authentication for any party using an unknown terminal connected in a communication network.
Thus, novel and improved methods and apparatus for performing local authentication for subscribers in a communication system have been described. Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, software, firmware, or combinations thereof. Various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware, software, or firmware depends upon the particular application and design constraints imposed on the overall system. The skilled artisan will recognize the interchangeability of hardware, software, and firmware under these circumstances, and how best to implement the described functionality for each particular application.
The various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented or performed with a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like. A processor executing a set of firmware instructions, any conventional programmable software module and a processor, or a combination thereof, may be designed to perform the functions described herein. The processor is preferably a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary processor is coupled to the storage medium to read information from, and write information to, the storage medium. Alternatively, the storage medium may reside in an ASIC. The ASIC may reside in a telephone or other user terminal. In the alternative, the processor and the storage medium may reside in a telephone or other user terminal. A processor may be implemented as a combination of a DSP and a microprocessor, or as two microprocessors in conjunction with a DSP core, etc. Those of skill would further appreciate that the data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields and particles, optical fields and particles, or any combination thereof.
Various embodiments of the present invention have been shown and described. It will be apparent, however, to one skilled in the art that many modifications to the embodiments disclosed herein can be made without departing from the spirit or scope of the invention.
Claims (30)
1. A method in a subscriber identification device having a secret key, the method comprising:
receiving a first signature from a mobile unit;
using the first signature and the secret key to generate a primary signature; and
sending the primary signature to the mobile unit.
2. The method of claim 1, wherein the subscriber identification device is one of a UIM or a R-UIM.
3. The method of claim 1, wherein the first signature is a message authentication code.
4. The method of claim 1, wherein the secret key is a UIM authentication key.
5. The method of claim 1, wherein using the first signature and the secret key comprises:
using a hash function to generate the primary signature.
6. The method of claim 1, wherein the subscriber identification device is removably coupled to the mobile unit.
7. A storage medium containing executable instructions to perform the method of any one of claims 1 to 6.
8. A signature generator for use in a subscriber identification device having a secret key, the signature generator comprising:
a memory;
a processor configured to execute a set of instructions stored in the memory, the set of instructions to:
receive a first signature from a mobile unit;
use the first signature and the secret key to generate a primary signature; and
send the primary signature to the mobile unit.
9. The signature generator of claim 8, wherein the subscriber identification device is one of a UIM or a R-UIM.
10. The signature generator of claim 8, wherein the first signature is a message authentication code.
11. The signature generator of claim 8, wherein the secret key is a UIM authentication key.
12. The signature generator of claim 8, wherein the processor utilizing the first signature and the secret key comprises using a hash function.
13. The signature generator of claim 8, wherein the subscriber identification device is removably coupled to the mobile unit.
14. A method in a mobile unit, comprising:
generating a first signature;
sending the first signature to a subscriber identification device;
receiving a primary signature from the subscriber identification device, wherein the primary signature is generated by the subscriber identification device using the first signature and a secret key; and
sending the primary signature.
15. The method of claim 14, wherein the subscriber identification device is one of a UIM or a R-UIM.
16. The method of claim 14, wherein generating a first signature comprises:
generating a message authentication code.
17. The method of claim 14, wherein generating a first signature comprises:
generating the first signature using a hash function.
18. The method of claim 14, wherein the secret key is a UIM authentication key.
19. The method of claim 14 wherein the subscriber identification device is removably coupled to the mobile unit.
20. A storage medium containing executable instructions to perform the method of any one of claims 14 to 19.
21. A mobile unit, comprising:
a memory;
a processor configured to execute a set of instructions stored in the memory, the set of instructions to:
generate a first signature;
send the first signature to a subscriber identification device;
receive a primary signature from the subscriber identification device, wherein the primary signature is generated by the subscriber identification device using the first signature and a secret key; and
send the primary signature.
22. The mobile unit of claim 21, wherein the subscriber identification device is one of a UIM or a R-UIM.
23. The mobile unit of claim 21, wherein generating the first signature comprises:
generating a message authentication code.
24. The mobile unit of claim 21, wherein generating the first signature comprises:
generating the first signature using a hash function.
25. The mobile unit of claim 21, wherein the secret key is a UIM authentication key.
26. A mobile unit as defined in claim 21, wherein said subscriber identification device is removably coupled to said mobile unit.
27. A method for use in a verification element, the method comprising:
receiving a secret key;
receiving a primary signature;
regenerating the primary signature from the secret key and the first signature; and
verifying the received primary signature against the regenerated primary signature.
28. The method of claim 27, further comprising:
receiving the first signature from a mobile unit.
29. The method of claim 27, further comprising:
generating the first signature.
30. A storage medium containing executable instructions to perform the method of any one of claims 27 to 29.
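The claims above describe a two-stage signing flow: the mobile unit computes a first signature (a message authentication code, claims 3 and 16), the subscriber identification device (UIM/R-UIM) turns that first signature into a primary signature with a keyed hash over its secret key (claims 1, 5 and 8 to 12), and a verification element that also holds the secret key regenerates the primary signature and compares it (claims 27 to 29). The following is an added worked example, not code from the patent or from any implementation it describes. It assumes HMAC-SHA256 as the hash function, that the first signature is keyed with a session key shared between the mobile unit and the verifier, and uses constructed keys and messages; the class and function names are illustrative only.

```python
import hashlib
import hmac

# Constructed sample keys (assumptions for this example, not values from the patent).
UIM_AUTH_KEY = b"constructed-uim-authentication-key"   # secret key held only by the UIM (claim 4)
SESSION_KEY = b"constructed-session-key"              # assumed key for the first-signature MAC


class SubscriberIdentificationDevice:
    """Signature generator of claims 8-12: the only component holding the UIM key."""

    def __init__(self, secret_key: bytes):
        self._secret_key = secret_key  # never returned to the mobile unit

    def sign(self, first_signature: bytes) -> bytes:
        # Claim 5 / 12: primary signature = hash function over (first signature, secret key).
        return hmac.new(self._secret_key, first_signature, hashlib.sha256).digest()


class MobileUnit:
    """Mobile unit of claims 14-26: builds the first signature, defers to the UIM for the primary one."""

    def __init__(self, session_key: bytes, uim: SubscriberIdentificationDevice):
        self.session_key = session_key
        self.uim = uim

    def first_signature(self, message: bytes) -> bytes:
        # Claim 16 / 17: the first signature is a MAC computed with a hash function.
        return hmac.new(self.session_key, message, hashlib.sha256).digest()

    def authenticate(self, message: bytes):
        first = self.first_signature(message)
        primary = self.uim.sign(first)           # removable UIM does the keyed step (claim 6)
        return message, first, primary           # what the mobile unit transmits (claim 14, last step)


class VerificationElement:
    """Verifier of claims 27-29: holds the secret key and regenerates the primary signature."""

    def __init__(self, secret_key: bytes, session_key: bytes):
        self.secret_key = secret_key
        self.session_key = session_key

    def verify(self, message: bytes, first_signature: bytes, primary_signature: bytes) -> bool:
        # Claim 29: regenerate the first signature locally instead of trusting the received one.
        expected_first = hmac.new(self.session_key, message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_first, first_signature):
            return False
        # Claim 27: regenerate the primary signature from the secret key and the first signature,
        # then compare in constant time to avoid a timing side channel.
        expected_primary = hmac.new(self.secret_key, expected_first, hashlib.sha256).digest()
        return hmac.compare_digest(expected_primary, primary_signature)


def run_flow(message: bytes, tamper_message: bool = False, forge_primary: bool = False) -> bool:
    """Runs one authentication exchange; the flags simulate an attacker altering what is sent."""
    uim = SubscriberIdentificationDevice(UIM_AUTH_KEY)
    mobile = MobileUnit(SESSION_KEY, uim)
    verifier = VerificationElement(UIM_AUTH_KEY, SESSION_KEY)

    msg, first, primary = mobile.authenticate(message)
    if tamper_message:
        msg = msg + b"!"                           # message altered in transit
    if forge_primary:
        # A party without the UIM key can only guess; a different key yields a different digest.
        primary = hmac.new(b"wrong-key", first, hashlib.sha256).digest()
    return verifier.verify(msg, first, primary)


if __name__ == "__main__":
    print("genuine:", run_flow(b"constructed registration message"))      # True
    print("tampered:", run_flow(b"constructed registration message", tamper_message=True))  # False
    print("forged:", run_flow(b"constructed registration message", forge_primary=True))     # False
```

The property worth noticing is the key separation: the mobile unit's software never sees the UIM authentication key, only the primary signature derived from it, so compromise of the handset firmware alone does not let an attacker mint primary signatures for arbitrary first signatures. The verifier regenerates rather than decrypts, which is why a constant-time comparison is used on the final check.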
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US09/755,660 | 2001-01-05 | | |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| HK04106141.1A Addition HK1063553B (en) | 2001-01-05 | 2001-12-27 | Subscriber identification device, method and apparatus for providing local authentication in a communication system |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| HK04106141.1A Division HK1063553B (en) | 2001-01-05 | 2001-12-27 | Subscriber identification device, method and apparatus for providing local authentication in a communication system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| HK1091061A true HK1091061A (en) | 2007-01-05 |
Similar Documents
| Publication | Title |
|---|---|
| EP1348274B1 (en) | Local authentification in a communication system |
| US7751567B2 (en) | Local authentication of mobile subscribers outside their home systems |
| Lo et al. | SMSSec: an End-to-end Protocol for Secure SMS |
| KR20030019318A (en) | Counter initialization, particularly for radio frames |
| CN1132479C (en) | Authentication methods for cellular communicaltions systems |
| KR100920409B1 (en) | Authentication of a wireless communication using expiration marker |
| CN1894996A (en) | Method and apparatus for authentication in wireless communications |
| CN100553240C (en) | Apparatus and system supporting access authentication and method of use thereof |
| JPH05347617A (en) | Communication method for radio communication system |
| US7904715B2 (en) | Method for authenticating dual-mode access terminals |
| EP1966972A2 (en) | Method for cipher key conversion in wireless communication |
| HK1091061A (en) | Local authentication in a communication system |
| HK1063553B (en) | Subscriber identification device, method and apparatus for providing local authentication in a communication system |
| HK1066373B (en) | Local authentication in a communication system |
| HK1117986A (en) | Local authentication in a communication system |
| CN1717110A (en) | Authentication vector generation device, method, user authentication module, method, mobile communication system |
| CN101252707A (en) | Method and device for generating and analyzing messages |
| MXPA06005168A (en) | Authentication of a wireless communication using expiration marker |