JPH10336744A - Method for certifying mobile station and system therewith - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent a hacker from directly receiving a cryptographic key number, and therefore to prevent the intrusion of the hacker not by transmitting the cryptographic key itself but by specifying the pointers of the plural cryptographic keys with a first random number at the time of communication between a base station and a moving station. SOLUTION: A mobile station 1 selects one of owned N=7 pieces of cryptographic key numbers according to the instruction of a base station 1, and transmits it through the base station 1 to a home center 3, and the cryptographic key is collated with a registered key number, and only when they are made coincident, the mobile station is certified as a proper mobile station. At that time, the cryptographic key number transmitted by the home center 3 is designated with a first random number. The first random numbers are generated to replace with respective numbers corresponding to 7 pieces as moduli when there are 7 pieces of cryptographic key numbers, and the cryptographic key number is selected from among those 7 pieces of cryptographic key numbers according to the number. Moreover, a second random number is also used for the confirmation of the cryptographic key number in the mobile station 1. Then, when the number N of the cryptographic key numbers is the same in all the mobile stations, and then the backer knows the number, probability that the hacker knows the cryptographic key number is increased. Then, the number of the cryptographic key numbers is varied for each mobile station.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an authentication protocol, and more particularly to a protocol for ensuring the validity of communication such as a cellular radio telephone.

[0002]

In a conventional telephone, each telephone set (fax, modem, etc.) is physically connected to one port of a local central office switch.
The connection is made through a given telephone line or a designated channel of the telephone line. The connection of the telephone line is made by the service provider (usually a carrier), so the service provider can be assured that the call on the channel is by the subscriber. However, subscriber authentication over wireless telephones is uncertain.

In the current cellular telephone configuration, when a subscriber calls, the cellular telephone automatically informs the service provider of the identity of the caller (mobile telephone) for billing. This information is not encrypted. If a third party eavesdrops at that point, the subscriber's identity will be obtained. This information includes the subscriber's telephone number and the subscriber's device electrical serial number (ESN). Thus, the eavesdropper can program the cellular telephone to impersonate an authorized subscriber and receive service. Alternatively, the service provider can send a control code to break into the connection by interrupting the call and increasing the transmission power. Such infringement is basically unavoidable because the service provider does not have a mechanism for identifying the identity of the caller during the connection and / or during the call.

If an eavesdropper wants to know the identity information, an apparatus can be used that automatically sweeps the entire cellular frequency band in the assigned cell. Therefore, infringement of cellular telephone service cannot be prevented. Also, since the voice signal is not encrypted, the content of the conversation can be eavesdropped. In other words, effective protection measures are required in cellular telephone systems, and the use of encryption is required for user authentication and privacy protection.

[0005]

Although some standard cryptographic techniques can be used to solve general authentication problems such as cellular telephones, there are practical problems. First, a conventional request / response protocol based on a private key number algorithm can be used. In this method, one encryption key number is assigned to a subscriber's mobile station, and this encryption key number is also registered in the home system. When the subscriber authentication system authenticates the subscriber, the home system is inquired about the use of the subscriber. The home system performs the function of responding in response to a request from the subscriber with the encryption key number. Requests and responses are made by the subscriber authentication system and also make requests to the mobile station. The mobile station responds with the result of processing the request from the home system and its stored encryption key number. The subscriber authentication system compares the responses from the home station and the mobile station and considers a match if they match.

The problem with this method is that the subscriber authentication system cannot connect to the home system quickly enough at the time of outgoing authentication, and the database software of the home system checks the encryption key number of the subscriber. It is not possible to construct a request / response pair in a short time. The network or software delay of a few seconds increases the dead time between picking up the handset and hearing a dial tone when a subscriber places a call, and, due to the control network and switching equipment currently in use by the cellular provider. Delay time increases. In the present circumstances,
Such a delay is not allowed.

A problem with the above method is that the encryption key of the subscriber is transmitted as it is wirelessly. That is,
The subscriber needs to send an encryption key to the home system in order to authenticate itself with each call. This encryption key number is the mobile phone (its phone number or device number)
Each time a call is made, the home system is queried and its authenticity is confirmed. Normally, this process is performed based on whether or not the encryption key number issued from a certain mobile phone matches the encryption key number registered in the home system with the phone number or device number of the mobile phone.

Therefore, a person (hacker, eavesdropper) who illegally uses another person's mobile phone intercepts the telephone number of the mobile phone transmitted when making a call and the encryption key number transmitted thereafter. Then, transplant the target mobile phone's telephone number and encryption key number to their own fake telephone, and then send that telephone number and encryption key to make the legitimate user a spoofed phone. You can make a call (the price of this illegal call will be charged to legitimate users).

Regarding this problem, instead of a telephone number,
Although there is an improved example using a telephone-specific PIN number, there is a problem that this PIN number is transmitted as it is, similarly to the encryption key number.

[0010]

SUMMARY OF THE INVENTION The security problem of cellular telephone technology is solved by the arrangement of the present invention with a shared encrypted data field. The mobile station unit holds a plurality of encryption key numbers assigned to it by the service provider and holds a shared encryption data field consisting of the encryption key numbers. The base station also has its shared encryption data field. Mobile station unit (mobile phone)
When the mobile station enters the cell of the base station, the base station recognizes itself. When the base station is provisionally determined from the information obtained from the mobile station unit that the mobile station unit is a legitimate device, the mobile station unit uses the shared encrypted data field to transmit the mobile station unit according to the present invention. Initiate communication with the base station with the help of an authentication process performed between the unit and the base station.

One feature of the configuration of the present invention is that the mobile unit operates according to an instruction from a base station (home center).
One encryption key number is selected from a plurality of encryption key numbers owned by the user, the selected encryption key number is sent to the home center, and it is compared with the encryption key number registered in the home center. Authenticated as a valid mobile station.

A feature of the configuration of the present invention is a process of selecting one encryption key number from a plurality of encryption key numbers.
The encryption key number transmitted from the home center is specified by a random number. And this random number is, for example,
When the shared encryption data field contains N (where N is an integer of 2 or more) encryption key numbers, the number is replaced by a number modulo N, and this number is used as an encryption key pointer. Is selected from among the N encryption key numbers to be shared. The mobile station also uses the random number to confirm the encryption key number (again, the random number is replaced by a number modulo N).

Another feature of the configuration of the present invention is that the identification of the encryption key number does not transmit the encryption key number,
The point is to transmit the result (multiplication or addition) of the number and the random number (this random number specifies the encryption key number as described above). For this reason, if the PIN number is unknown, the hacker cannot determine the random number (and thus the encryption key number). Even if the PIN number is known to the hacker, the number is not a cryptographic key number itself but a random number. For this reason, it takes more time to determine the encryption key number from this random number. Furthermore, even if the encryption key number is determined from this random number, the encryption key number to be used next time is specified by a random number from among the N numbers (the random number is converted into a number modulo N and specified). Hackers can't predict.

Still another feature of this configuration is that the random number that results in specifying the encryption key number is generated by the home center. Further, since one of the N encryption keys is selected, the probability that the same encryption key number is used twice consecutively is small. Thus, unless a hacker clones a legitimate mobile phone (having a PIN number and its corresponding N encryption key numbers),
You cannot impersonate a legitimate user.

[0015]

FIG. 1 shows a system according to an embodiment of the present invention. In FIG. 1, the mobile station (mobile phone) 1 has at least its own device number (0821), telephone number (03-06-07196), and PIN number (123).
4). Further, it has a plurality of encryption keys (here, N = 7 encryption keys). Here, it has an encryption key number numbered from 0 to 6 (referred to as a pointer). The number 3276 corresponding to this pointer 0
Is the encryption key number. For example, the encryption key number corresponding to the pointer 3 is 4420.

Although the relationship between the pointer number and the encryption key number is in principle irrelevant, they may be related as follows. For example, as for the relationship between the pointer number and the encryption key number, a number modulo the number N of encryption keys (7 in this embodiment) corresponds to the pointer number. That is, encryption key number≡pointer number (modN). By having such a relationship, there is an advantage that the reception information of the other party can be confirmed (checked) by analyzing the encryption key number.

Similarly, the mobile station 2 has its equipment number (24
61), telephone number (030-07-01211) and PI
N number (1238). This mobile station 2 has five encryption keys from pointer 0 to pointer 4.
The encryption key number of the mobile station 2 corresponds to the pointer in a number modulo N = 5.

The encryption key number of the mobile station 2 is, for example,
The encryption key number corresponding to pointer 0 is 4750,
The encryption key number corresponding to the pointer 3 is 1803.
The relationship between the pointer and the encryption key number is such that the encryption key number modulo 5 corresponds to the number of pointers. However, as described above, it is possible not to have such a relationship.

It is preferable to change the number of encryption keys for each mobile station. The reason is that if the number of encryption keys is the same for all mobile stations (telephones), if the number of encryption keys for a certain phone is known to a hacker, the encryption key is applied to other phones using the same operation. This is because the probability of being performed increases. If N = 10-99, a total of 90 types of encryption keys can be obtained. However, in the embodiment, for easy understanding, N = 4 (for mobile station 2), N = 7
(For mobile station 1).

The base station 1 can wirelessly communicate with the mobile station 1 or the mobile station 2. The base station 1 is connected directly to the home center 3 via a mobile switching center or via an NTT network. Further, another base station 2 is connected to the base station 1. The home center can be entirely or partially included in the base station.

In the NTT network, ordinary telephones are wired telephones to ordinary homes or offices (telephone number: 03).
-5561-3072). As shown in Table 1, the home center 3 has a device number, a telephone number, a PIN number, and an encryption key number corresponding to each mobile station. Therefore, the column of mobile station 1 contains
, A telephone number, a device number, a PIN number, and an encryption key number. The same applies to the mobile station 2.

Table 1 Mobile station (mobile phone) 1 2 3 n Phone number 030-06-07196 030-07-01211 030-08-11211 ------- Equipment number 0821 2461 2693 ------ -PIN number 1234 1238 1896 ------- Encryption key number 0 3276 4750 4963 ------- 1 2227 4856 9631 ------- 2 2858 4932 8966 3 4420 1803 ----- --- 4 6024 3474 -------- 5 6655 6 6236

The home center 3 on the base station side has the above-described registration list for the number of mobile stations. But,
Such a registration list may be provided in the base station itself because of the memory capacity. Alternatively, a plurality of base stations may divide and hold the registration list. The advantage of the base station having such a registration list is that, during the authentication process, there is no need to go through the NTT network, and the mobile telephone service company does not need to pay the line usage fee to NTT.

Next, the mobile station authentication process of the present invention using this system will be described with reference to the flowcharts of FIGS. However, among the step numbers shown in this embodiment, A, B, C,... Correspond to those described in claim 13, and the numbers correspond to the steps in the flowcharts of FIGS.

In step (A: 101), the mobile station 1
From the mobile station 1 to the base station 1 in the cell where the mobile station 1 is located, the calling party telephone number (030-06-07196) and the called party telephone number (for example, if the destination is the mobile station 2, 030-
07-01211, 03-556 for fixed telephone 3
1-3072) is transmitted. At this time, the device number of the telephone is automatically transmitted at the same time. The device number of the mobile station 1 is 0821 in this embodiment.

This call initiation signal is transmitted on the uplink channel from the mobile station 1 to the base station 1 in the upward direction, and hackers can access this signal. In other words, the hacker can access the device number of the mobile station 1 (082
1), the telephone number (030-06-07196), and its destination, eg, 03-5 which is the telephone number of the fixed telephone 3
561-3072 and the like. Step 10
At 3, the base station sets up the call. However, the setting of this call means the reception of the call, and does not mean the start of the call.

In step (B1), the base station 1 transmits the received call initiation signal to the home center 3 via the mobile switching center or the NTT network. This transmission path is usually performed by wire or wirelessly.

Step (C1: 105, 107) The home center 3 determines the equipment number (0821) of the mobile station 1 and the calling party telephone number (030-0) from the calling start signal.
6-07196) is searched for in the list owned by the user. If the device number (0821) and the caller telephone number (030-06-07196) do not match in the registration list or do not exist in the registration list, the telephone is determined to be invalid (not valid). , Disconnect the call. If they match or exist, the process moves to the next step 109. By performing such a temporary authentication step 107, the number of times of performing the authentication step of the present invention can be reduced.

In step (C2: 111), if the call is authenticated in the above step, the home center 3 determines the equipment number (0821) and the caller telephone number (030-06). −07196) to identify the mobile station identification code (PIN number). In this example, PI
N = 1234.

The home center 3 generates an arbitrary 4-digit first random number. The first random number is different from the second random number described below and is an arbitrary random number. The first random number (for example, 3294) generated in this way and the PIN number (1234) are calculated, for example, multiplied. The result of the multiplication is 3294 × 1234 = 4064796. And the first numerical value sequence (4064796)
The number is transmitted to the base station 1 and transmitted from the base station 1 to the mobile station 1 attempting to make a call via the voice path. Therefore, the hacker can detect this first number sequence from the base station 1 to the mobile station 1.

In step (C3), the home center converts the first random number (3294) into a number modulo N. In this example, N is the number of encryption keys, ie, mobile station 1
, N = 7, and stores a number (pointer) modulo N. Since the number (pointer) modulo 7 of the first random number (3294) is 4, 6024 is obtained from the table.
Is recognized by the home center as an encryption key number. At the same time, a number (pointer) 4 modulo 7 of the first random number (3294) is also stored. In other words, the home center stores the pointer 4 (and the encryption key number 6024 designated by the pointer 4).

In step (D1: 115), the mobile station 1 performs an inverse operation on the first number (4064796), which is the operation result transmitted from the base station via the voice path, using its own PIN number. In this embodiment, the PIN number (12
Divide by 34). The resulting first random number (which should be the same as that generated by the home center) 3294 is specified, and this number is converted into a number modulo 7. This first random number (3294) is 4 as a number (pointer) modulo 7.
Thus, the mobile station determines that 6
024 is recognized as an encryption key number (step 117).

Step (D2: 119) The mobile station generates a second random number that is the same number (4 in this case) when the number is modulo N = 7. This second random number is, for example, 2356. In the method of generating the second random number, a four-digit random number is sequentially generated by a random number generator, converted into a number modulo N = 7, and a number having a number of 4 is selected.

Alternatively, it is generated by the following formula. Second random number = [random number / N] × N + number of pointers Here, the symbol [P] represents the maximum integer of P.
That is, a four-digit random number is generated by a random number generator, and the random number is divided by a certain number N (the number of encryption key numbers). Only the integer part of the division result is taken out, multiplied by N, and the result is added with the number of pointers. This number of pointers is a number modulo N of the first random number, and is 4 in the above example. In either case, the result is the first random number divided by the second random number (modN).

Step (D3: 121) The mobile station 1
The arithmetic processing is performed on PIN = 1234, the encryption key number 6024, and the 2356 generated in the step (D2). Here, the second number that is the value obtained by multiplication is transmitted to the base station.

This second number is 1234 × 6024 × 23
56 = 175135929. A hacker can detect the second number sequence from the mobile station 1 to the base station 1.

In step (E1: 123), when the base station 1 receives the second number (1751359292) from the mobile station 1, it transmits the second number to the mobile switching center or NTT.
The data is sent to the home center via the network.

In step (E2: 123), the home center uses the PIN = 1234 of the base mobile station 1 at the home center and the encryption key number 6024 recognized by the home center for the second number transmitted from the mobile station 1. Then, the second random number generated by the mobile station by performing an inverse operation (here, division) is specified. The second random number specified here is 2356
Should be. Alternatively, the above inverse operation processing is performed not at the home center but at the base station, and as a result (2356)
Only the home center can be transmitted.

In step (E3: 125), the home center converts the second random number into a number modulo N = 7. As a result, this second random number becomes 4. This number 4 (pointer) is the same as a number modulo 7 with the first random number determined by the home center. If the result is the same, the mobile station attempting this call authenticates as a valid mobile station. As a result, the call is relayed to the called party.

However, if the first random number and the second random number do not match as a number modulo N = 7, the mobile station attempting the call is not considered a valid caller and the call is The call is interrupted by the base station (that is, the callee is not connected).

Next, referring to FIG. 2, the physical configuration of the mobile station (mobile phone) of the present invention will be described. Commercially available devices can be used for these components, and in particular, an encrypted data field may be transplanted to the memory 12 as storage means.

In FIG. 2, an antenna 20 for transmitting and receiving data signals and information signals to and from a base station by radio is provided by a transmitting / receiving
Connected to 0. The transmission / reception circuit 10 may be divided into two parts, a transmitter and a receiver. Processor 1
4 performs an arithmetic / inverse operation on the signal received by the transmission / reception circuit 10 and / or performs processing inside the mobile device (for example, the random number generator 1
The signal generated in 6) is processed. The contents registered (stored) in the memory 12 are, for example, a device number unique to the mobile device (mobile phone), a registered telephone number, an identification number (PIN), an encryption key number, and a pointer thereof. This specific example is shown in the column (column) of the mobile device (mobile phone) 1 in Table 1 described above.

The random number generator 16 generates a second random number. This second random number is congruent with the first random number in a number modulo N. As described above, regarding the generation of the second random number,
The random number may simply be generated, and the subsequent confirmation (calculation processing) of the first random number≡the second random number (modN) may be performed in the processor 14. Alternatively, the result confirmed (calculated) in the random number generator 16 may be sent to the processor 14. The control device 18 controls the processor 14.

In the above description, the operation / inverse operation is performed by a combination of multiplication and division. However, as a modification of the present invention, the operation / inverse operation may be executed by a combination of addition and subtraction.

Hereinafter, an example in which the arithmetic / inverse arithmetic processing is executed by a combination of addition and subtraction will be described. Using the same numbers described above, the base station can obtain 1234 (PIN) +3294
(First random number) = 4528 (first number) is transmitted to the mobile station. The mobile station obtains its PI from this first number (4528).
N number (1234) is subtracted, and the first
Estimate a random number. The mobile station calculates the first random number from the first random number.
Converts a random number to a number modulo 7 and the number (pointer)
Is 4 and the encryption key number 6024 is specified.

The mobile station generates a second random number (2356), which is the same as the first random number, modulo 7, and outputs 1234 (PI
N) +6024 (encryption key number) +2356 (second random number) = 9614 (second number) to the base station. The base station subtracts 1234 (PIN) and 6024 (encryption key number) from the second number (9614) to obtain 2356 (second
Random number). This second random number and the first
The first random number≡the second random number (mod7) is confirmed by comparing the random number with the random number. This combination of addition and subtraction is more advantageous than the combination of multiplication and division because it has fewer digits in the operation.

[0047]

According to the configuration of the present invention described above, in the transmission from the base station to the mobile station, the first random number merely specifies a plurality of encryption key pointers, and the encryption key number itself is not changed. Not sent. Therefore, hackers
This encryption key number cannot be directly intercepted. Even if one of the temporary encryption key numbers is detected by a hacker, the probability that the encryption key number will be used next time is 1 / N.

Further, the encryption key number is confirmed from the mobile station to the base station by transmitting its own PIN number, the encryption key number designated by the home center, and the result of multiplication (multiplication) of the second random number. The key number itself is never sent.

Therefore, even if a hacker intercepts the transmission between the base station and the mobile station, the encryption key number cannot be directly detected. That is, the encryption key number cannot be detected because it is a combination with a random number. However, even if this encryption key number is detected, the same encryption key number as that used next time is not always used (the probability of use is 1 / N). A hacker cannot become a true mobile station (user for a mobile phone) without permission without having such a list of encryption keys specified by the home improvement center.

[Brief description of the drawings]

FIG. 1 is a diagram showing a wireless communication system to which a method of the present invention is applied;

FIG. 2 is a block diagram of a mobile station to which the present invention is applied;

FIG. 3 is a flowchart showing a mobile station authentication process of the present invention.

FIG. 4 is a flowchart showing a mobile station authentication process of the present invention.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 10 Transceiver 12 Memory 14 Processor 16 Random number generator 18 Control device 20 Antenna 101 Transmission of a device number and a calling / called number called by a mobile station 103 Base station sets a call 105 Home center makes a temporary call Authenticate 107 Is the temporary authentication OK? 109 Connect the call to the home center 111 The home center specifies the PIN number and generates the first random number. The first number = PIN number × the first random number is sent to the mobile station 113 The mobile station receives the first number 115 The mobile station calculates (the first number / PIN number = the first random number) The first random number (modN) To calculate the cryptographic pointer. 117 The mobile station specifies the encryption key number from the encryption pointer. 119 Generate a second random number that satisfies a second random number divided by a first random number (modN). 121 Second number = PINx encryption key number × Second random number is generated and sent to the base station 123 The second random number is specified from the second number. 125 1st random number か 2nd random number (modN)?

 ──────────────────────────────────────────────────続 き Continuation of the front page (71) Applicant 596077259 600 Mountain Avenue, Murray Hill, New Jersey 07974-0636 U.S.A. S. A.

Claims (18)

[Claims] 1. A mobile station comprising a home center, a base station having a base station, and a mobile station, wherein the base station and the mobile station are:
In a mobile communication system that shares the same plurality of encryption data fields including N (where N is an integer of 2 or more) encryption key numbers, the base station authenticates the mobile station that has attempted to make a call. The method comprises: (A) initiating a call from a mobile station to a base station; and (B) a plurality of shared by the base station with the mobile station initiating the call ( (C1) transmitting a first random number designating one of the (N) encryption key numbers; and (C1) the mobile station calculates a plurality (N) of the first random numbers transmitted from the base station side. 1) of the encryption key numbers
(C2) transmitting, to the base station side, a second random number representing the specified encryption key number; and (D) the base station. The station side compares one encryption key number specified from the second random number transmitted from the mobile station with one encryption key number specified from the first random number in the step (B); (E) authenticating the mobile station that attempted the call by the base station only if the two encryption key numbers match in step (D); How to authenticate its legitimacy on the part. 2. The step (A) includes, from a mobile station to a base station in a cell where the mobile station is located, at least a calling party telephone number, a called party telephone number, and a mobile station equipment number. The method of claim 1, further comprising transmitting a call initiation signal. 3. A step (B) after the step (A).
Before the base station, the base station determines the validity of the mobile station that attempted to make a call from the calling party telephone number, called party telephone number, and mobile station equipment number transmitted from the mobile station. 2. The method of claim 1, further comprising the step of tentatively authenticating. 4. The method according to claim 1, wherein in the step (B), a calculation result of a PIN (identification) number of a mobile station that has attempted to make a call and the first random number is transmitted. 5. The calculation according to claim 1, wherein the PI of the mobile station attempting the call is set.
The method of claim 4, wherein the multiplication is an N number multiplied by the first random number. 6. In the step (C1), the first random number is converted into a number modulo N which is the number of encryption keys, and one encryption key number is designated by a pointer corresponding to the converted number. The method of claim 1, wherein 7. The method according to claim 1, wherein in the step (C2), a calculation result of a PIN number of the mobile station, an encryption key number designated by the first random number, and the second random number is transmitted. Method. 8. The method according to claim 7, wherein the calculation is a multiplication of a PIN number of the mobile station, an encryption key number designated by the first random number, and the second random number. 9. The method according to claim 1, wherein in the step (C2), the second random number that is congruent with the first random number is selected as a number modulo N. 10. The method of claim 1, wherein step (D) compares the first random number and the second random number based on whether they are congruent in a number modulo N. 11. The method according to claim 1, wherein the number N of encryption keys shared between the mobile station and the base station having the home center and the base station is different for at least two mobile stations. 12. The method of claim 1, wherein the relationship between the pointer number and the encryption key number is congruent with a number modulo N, ie, encryption key number≡pointer number (modN). 13. A home station, a base station having a base station, and a mobile station, wherein the home center and the mobile station are the same plurality (N, where N is an integer of 2 or more) of encryption key numbers. In a mobile communication system sharing an encrypted data field including: a method for authenticating the validity of a mobile station that has attempted to make a call on the base station side, comprising: Transmitting a call start signal including at least a caller telephone number and a called telephone number to a station; (B1) the base station transmitting the call start signal to the home center; (C1) The home center tentatively verifies the validity of the mobile station that has attempted the call from the call start signal. (C2) The home center performs the correctness in the (C1) step. After the identity is provisionally authenticated, an identification code (PIN) of the mobile station is recognized from the caller telephone number, a first random number is generated, and a first random number and a calculation result of the identification code are generated. Transmitting one number from the base station to the mobile station; and (C3) the home center transmits the first random number to N
Is converted to a number modulo, and the number modulo N is stored. From this number, one encryption key number specified by the number is extracted from the plurality (N) of encryption key numbers. And (D1) the mobile station performs an inverse operation using a PIN on the operation result transmitted from the base station via a voice path, and uses the inverse operation result (ie, a first random number) as N. Converting to a modulus number and extracting one encryption key number specified by the number from the plurality of (N) encryption key numbers from the number modulo N; (D2) (D3) the mobile station generates a second random number that is the same number as the number modulo N; and (D3) the mobile station generates one encryption key number specified as the PIN. Transmitting a second number, which is the result of the operation with the second random number, to the base station; Wherein the flop, and transmitting (E1) the base station to the second number of the Homusenta, (E2) the Homusenta includes a known PIN in Homusenta the second number transmitted from said mobile station (C
Inverse operation is performed using the encryption key number extracted in 2),
(E3) converting the second random number specified in the (E2) step into a number modulo N; and (E4) N specified in the (E3) step. Is compared with the number stored in the step (C2), and only when the numbers match, that is, the first random number≡the second random number (modN) is authenticated as valid. A method of authenticating the validity of a mobile station that has attempted a call on the base station side, comprising the steps of: 14. A mobile communication system comprising a home station, a base station having a base station, and a mobile station, and having a function of authenticating the validity of the mobile station that has attempted to make a call on the base station side. The base station and the mobile station share the same cipher data field including a plurality of (N, where N is an integer of 2 or more) cipher key numbers, and (B) the home center attempts to make a call. Transmitting a first random number designating one of the plurality of (N) encryption key numbers to the mobile station, and (C) the mobile station transmits the encryption key specified by the first random number to the mobile station. (D) the base station compares the first random number generated by itself with the received second random number, and the mobile station and the base station perform: After confirming that the same encryption key number is selected, the call is attempted. Mobile communication system, characterized in that to authenticate the validity of the mobile station. 15. A mobile station comprising a home center, a base station having a base station, and a mobile station, wherein the home center and the mobile station have the same plurality (N, where N is an integer of 2 or more) of encryption key numbers. A mobile phone used in a mobile communication system that shares a cryptographic data field including a cryptographic data field and authenticates a mobile station that has attempted to make a call on a base station side. 2
(B) a transmitting / receiving device (10) connected to the antenna (20); and (C) a first memory for storing an encryption data field including a plurality of encryption key numbers shared with the base station. (1
2) and (D) calculating the first number including the first random number from the base station side received via the transmitting / receiving device, and calculating the first number from the first memory ( (12) a first arithmetic processing unit (14) for selecting an encryption key number in an encryption data field registered in (12); and (E) a random number generator (2) for generating a second random number for specifying the selected encryption key number. (F) a second arithmetic processing unit (14) that performs arithmetic processing on the second random number and the encryption key number specified by the first random number to generate a second number; A mobile phone, comprising: a control device (18) for controlling the first and second arithmetic processing devices (14). 16. The method according to claim 16, wherein the first random number and the second random number are (first random number デ ー タ second random number (modN), where N is the number of encryption keys in the encryption data field). 15 phones. 17. An arithmetic operation performed in the second arithmetic processing device includes multiplying a PIN number of a telephone, the second random number, and an encryption key number specified by the first random number to calculate a second number. The telephone of claim 15, wherein the telephone is generated. 18. The telephone according to claim 15, wherein said first arithmetic processing unit and said second arithmetic processing unit are the same microprocessor.