CN1568037A - Authentication method for user of global mobile communication system when roaming to CDMA network - Google Patents

Publication number: CN1568037A
Application number: CN03141257.2A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN1297155C (en)
Inventor: 邹锋哨
Original Assignee: Huawei Technologies Co Ltd
Current Assignee: Huawei Technologies Co Ltd
Legal status: Granted; Expired - Fee Related
Prior art keywords: rand, cdma, authentication, gsm, random number

Abstract

The invention discloses an authentication method for a GSM user roaming into a CDMA network. In the method, the interworking and interoperability function (IIF) entity stores the identity key (Ki) of the mobile station (MS) of each GSM user that needs to roam into the CDMA network; the CDMA authentication parameters and the GSM authentication parameters are converted into each other by an adaptation algorithm; and authentication is carried out using the CDMA authentication procedure and GSM authentication. When a GSM user uses the new service of roaming into a CDMA network, authentication is performed with the user's original SIM card, so the operator does not have to issue a new subscriber identity module to the GSM user. At the same time, the existing GSM network equipment and CDMA network equipment do not need to be modified. The method is simple to implement and improves the operability of the service.

Description

Authentication method for a Global System for Mobile Communications user roaming into a CDMA network
Technical field
The present invention relates to authentication techniques for mobile communication systems, and in particular to an authentication method for a Global System for Mobile Communications (GSM) user roaming into a code division multiple access (CDMA) network.
Background art
In a mobile communication system, a mobile station that wants to access the system must first be authenticated; only a legitimate user who passes authentication can access the network.
GSM network authentication of a GSM user relies on the common authentication algorithms A3/A8 and on the identity key (Ki), a parameter unique to the MS and the network. Ki is generated and written into the SIM card when the card is produced; when the GSM user's account is opened in the HLR/AuC, the same Ki as the one stored in the SIM card must be stored there. Ki must not be transmitted over the air interface.
The network side authenticates the MS in the following steps:
1. The HLR/AuC generates a random number RAND and computes the signed response (SRES) and the ciphering key (Kc) from Ki and RAND using the A3/A8 algorithms.
2. The network side sends the random number RAND to the MS in an authentication request message.
3. After receiving RAND, the MS likewise computes SRES and Kc from RAND and Ki using the A3/A8 algorithms and returns SRES to the network side; Kc does not need to be transmitted over the air interface.
SRES = A3(RAND, Ki); Kc = A8(RAND, Ki)
where SRES is 32 bits, Kc is 64 bits, RAND is 128 bits, and Ki is 32 bits.
4. After receiving the SRES sent by the MS, the network side compares it with the SRES it computed itself; if they are identical the MS is a legitimate user, otherwise it is illegitimate.
CDMA network authentication of a CDMA user, in turn, relies on a common subscriber authentication and voice encryption algorithm (CAVE) and on the key (A-Key), a parameter unique to the mobile station (MS) and the network. The A-Key is generated and written into the R-UIM card when the card is produced; when the CDMA user's account is opened in the HLR/AC, the same A-Key as the one stored in the R-UIM card must be stored there. Through the Shared Secret Data (SSD) update procedure, SSD is generated from the A-Key and an authentication random number (RANDSSD); SSD is one of the most important CDMA authentication parameters and can only be generated dynamically. Neither the A-Key nor SSD may be transmitted over the air interface.
When the user accesses the system for the first time, an SSD update must be performed first, to ensure that the SSD in the HLR/AC and the SSD in the R-UIM card are consistent; otherwise authentication cannot succeed.
After the SSD update has succeeded, the network needs to authenticate the user again when the user accesses the system. Because the authentication parameters in the HLR/AC and in the R-UIM card are fully consistent, the same algorithm should produce the same result on both sides; if it does not, the user is an illegitimate user.
The network can authenticate a user in two ways.
The first is broadcast query authentication, which requires the base station (BS) system to support it. The MS is authenticated as follows:
1. The network side periodically broadcasts RAND on the control/paging channel to all MSs in the cell.
2. When the MS needs to access the system (for location registration, call origination, page response and so on), it uses the RAND on the current control/paging channel to compute the authentication result (AUTHR) and sends it to the network side in the initial access message.
3. The network side computes AUTHR from RAND and compares it with the AUTHR sent by the MS; if they are identical the MS is a legitimate user, otherwise it is illegitimate.
The network side and the MS compute AUTHR with the same algorithm:
AUTHR = CAVE(RAND, SSD_A, ESN, AUTHDATA), where AUTHR is 18 bits, RAND is 32 bits, SSD_A is the first 64 bits of SSD, ESN is the electronic serial number, and AUTHDATA is the authentication data. The data used as AUTHDATA differ with the access type: for a call it is computed from the mobile identification number (MIN) and the called number, whereas for location registration or page response it is computed from the MIN only.
The second is unique challenge authentication. The MS is authenticated as follows:
1. The network side generates a unique challenge random number (RANDU), computes the user's authentication result (AUTHU) with this RANDU, and sends RANDU to the MS.
2. After receiving RANDU, the MS also computes AUTHU from RANDU and returns it to the network side.
3. Finally, the network side compares the AUTHU it computed itself with the AUTHU sent by the MS; if they are identical the MS is a legitimate user, otherwise it is illegitimate.
This authentication mode can be initiated by the MSC on the control channel or on the traffic channel. Its algorithm is:
AUTHU = CAVE(RANDU, SSD_A, ESN, MIN), where AUTHU is 18 bits, RANDU is 32 bits, SSD_A is the first 64 bits of SSD, ESN is the electronic serial number, and MIN is the mobile identification number.
At present, adding an interworking and interoperability function (IIF) entity on the network side makes it possible for GSM subscribers to use services in a CDMA network and for CDMA subscribers to use services in a GSM network. The IIF mainly provides the interworking and interoperability functions between the GSM network and the CDMA network. Fig. 1 is a schematic diagram of the connections between the IIF and the GSM and CDMA networks.
In the CDMA ANSI-41 (American National Standards Institute 41 series protocols) core network 110, the CDMA authentication center (AC) 111 is connected to the home location register (HLR) 113 through the H interface, the short message center (MC) 112 is connected to the HLR through the N interface, and the MC 112, HLR 113, visitor location register (VLR) 114 and mobile switching center (MSC) 115 are connected to the IIF through the Q, D, D and E interfaces respectively.
In the GSM Mobile Application Part (MAP) core network 130, the GSM short message service center (SMS-SC) 132 is connected to the GSM short message service interworking MSC (SMS-IWMSC) 131 and to the GSM short message service gateway MSC (SMS-GMSC) 133; the GSM authentication center (AuC) 135 is connected to the HLR 134 through the H interface; and the SMS-IWMSC 131, SMS-GMSC 133, HLR 134, VLR 136, MSC 137 and serving GPRS support node (SGSN) 138 are connected to the IIF through the E, E, D, D, E and Gr interfaces respectively.
The IIF 120 sits between the GSM MAP core network and the ANSI-41 core network and converts between ANSI-41 signaling and GSM MAP signaling.
When a GSM subscriber uses a dual-mode terminal to roam into a CDMA network, the GSM subscriber is said to be in CDMA foreign mode. In this case the CDMA network can regard the IIF as this GSM subscriber's CDMA HLR, while the GSM network can regard the IIF as the GSM VLR serving this GSM subscriber.
A GSM user in CDMA foreign mode must be authenticated by the CDMA network; only after authentication succeeds is the GSM user allowed to access the CDMA network and use its resources. Authentication is therefore one of the most critical parts of the design that lets GSM users use services on CDMA network resources.
Neither the GSM network authentication method nor the CDMA network authentication method described above can authenticate a GSM user who roams into a CDMA network when the GSM network and the CDMA network are connected through the IIF. An authentication method for GSM users roaming into a CDMA network has therefore appeared, as follows:
Because the IIF has the CDMA HLR function, the GSM user's CDMA authentication subscription data (the A-Key) must be registered on the IIF or the AC. This is generally done by inserting a standard CDMA R-UIM card into the GSM terminal, or by using in the terminal a new type of dual-mode card that can store Ki and the A-Key at the same time. The GSM user in CDMA foreign mode then uses the standard CDMA authentication procedures, including SSD update and authentication; no interaction with the home network GSM HLR is needed during authentication.
Fig. 2 is a flow diagram of prior-art authentication of a GSM user roaming into a CDMA network. The GSM user terminal has a CDMA R-UIM card inserted, so the user is also a CDMA user. When the CDMA user's account is opened in the HLR/AC, the same A-Key as the one stored in the R-UIM card is stored there; through the SSD update procedure, SSD is generated from the A-Key and RAND. When the user accesses the system for the first time, an SSD update must be performed first, to ensure that the SSD in the HLR/AC and the SSD in the R-UIM card are consistent. The basic authentication flow when the GSM user roams into the CDMA network then comprises the following steps:
Step 201: The MS computes AUTHR from SSD and RAND.
Step 202: The MS sends AUTHR to the MSC/VLR of the CDMA network.
Step 203: The MSC/VLR sends an authentication request (AUTHREQ) message to the IIF.
Step 204: After receiving the authentication request message, the IIF forwards the authentication request to the AC of the CDMA network.
Step 205: The AC of the CDMA network computes AUTHR from SSD and RAND and compares it with the AUTHR sent by the IIF; if they differ the user is an illegitimate user, otherwise the user is legitimate.
Step 206: The AC of the CDMA network returns to the IIF an authentication response (authreq) message containing the authentication result.
Step 207: The IIF forwards the authentication result to the MSC/VLR of the CDMA network.
Step 208: The MSC/VLR acts on the authentication result, admitting a legitimate user and releasing an illegitimate one.
In this method, a new subscriber identity module has to be provided for the GSM terminal, generally by inserting a standard CDMA R-UIM card into the GSM terminal or by using in the terminal a new type of dual-mode card that can store Ki and the A-Key at the same time. The operator therefore has to issue another subscriber identity module to every GSM user who applies for the function of roaming into the CDMA network. This makes provisioning of the new service rather complicated, requires the user's cooperation, and hinders the spread of the service.
Summary of the invention
In view of this, the object of the present invention is to provide an authentication method for a Global System for Mobile Communications (GSM) user roaming into a code division multiple access (CDMA) network which, when the new service of GSM users roaming into a CDMA network is deployed, avoids the operator having to issue a new subscriber identity module to the GSM user and improves the operability of the service.
To achieve this object, the technical solution of the present invention is implemented as follows:
An authentication method for a Global System for Mobile Communications (GSM) user roaming into a code division multiple access (CDMA) network, the method comprising:
1) the interworking and interoperability function (IIF) entity stores the identity key (Ki) of the mobile station (MS) of the GSM user that needs to roam into the CDMA network;
2) a broadcast query authentication process comprising the following steps:
21) the MS receives the CDMA authentication random number (C-RAND) broadcast by the CDMA base station controller (BSC), converts this C-RAND to a GSM authentication random number (G-RAND), computes the signed response (SRES) and the ciphering key (Kc) from G-RAND and the Ki stored in the MS, converts SRES to a CDMA authentication result, and sends it to the BSC;
22) the BSC sends the authentication random number (C-RAND) and the CDMA authentication result to the CDMA mobile switching center (MSC)/visitor location register (VLR);
23) the MSC/VLR sends to the IIF an authentication request containing the authentication random number (C-RAND) and the CDMA authentication result;
24) the IIF converts the received C-RAND to G-RAND, computes SRES and Kc from G-RAND and the Ki of this MS stored in the IIF, converts SRES to a CDMA authentication result, and compares the converted CDMA authentication result with the received CDMA authentication result, completing the broadcast query authentication;
3) a unique challenge authentication process comprising the following steps:
31) the CDMA MSC/VLR sends to the IIF an authentication request for a GSM MS that carries no authentication parameters;
32) in response to the authentication request, the IIF generates an authentication random number (C-RAND) and converts it to a GSM authentication random number (G-RAND), computes SRES and Kc from G-RAND and the Ki of this MS stored in the IIF, and converts SRES to a CDMA authentication result;
33) the IIF returns to the MSC/VLR an authentication response containing the authentication random number (C-RAND) and the CDMA authentication result;
34) the MSC/VLR saves the CDMA authentication result and, through the BSC, sends the MS a unique challenge authentication request containing the authentication random number (C-RAND);
35) the MS converts the received C-RAND to G-RAND, computes SRES and Kc from G-RAND and the Ki stored in the MS, converts SRES to a CDMA authentication result, and returns the authentication result to the MSC/VLR in an authentication response through the BSC;
36) the MSC/VLR compares the received CDMA authentication result with the CDMA authentication result saved in step 34), completing the unique challenge authentication.
Step 34) may further include: after receiving the authentication response returned by the IIF, the MSC/VLR first has a traffic channel assigned through the BSC and sends the unique challenge authentication request only after the traffic channel has been assigned successfully.
The traffic channel may be assigned as follows: the MSC/VLR sends an assignment request to the BSC; the BSC assigns a traffic channel according to this request and returns an assignment response to the MSC/VLR.
In steps 21) to 24) the CDMA authentication random number may be the global challenge random number; in steps 32) to 36) it may be the unique challenge authentication random number.
C-RAND may be converted to G-RAND by performing an operation on C-RAND and placing the result in G-RAND, or by performing an operation on C-RAND together with the international mobile subscriber identity (IMSI) and/or the electronic serial number (ESN) and placing the result in G-RAND. For example, C-RAND is placed at a fixed position in G-RAND and the remaining bits of G-RAND are filled with a preset value and/or the IMSI, or the remaining bits of G-RAND are filled with a preset value and/or the ESN.
The method of computing SRES and Kc from G-RAND and the Ki stored in the MS may be the same as the method of computing SRES and Kc from G-RAND and the Ki of this MS stored in the IIF, namely: SRES and Kc are computed from G-RAND and Ki using the A3/A8 algorithms.
SRES may be converted to the CDMA authentication result by taking the CDMA authentication result from a fixed position in SRES; or by performing an operation on SRES and taking the CDMA authentication result from a fixed position of the output; or by performing an operation on SRES together with Kc and/or the IMSI and/or the ESN and taking the CDMA authentication result from a fixed position of the output.
As the above technical solution shows, when the new service of GSM users roaming into a CDMA network is deployed, the authentication method of the present invention uses the GSM user's original SIM card for authentication and so avoids the operator having to issue a new subscriber identity module to the GSM user. At the same time, the existing GSM network equipment and CDMA network equipment do not need to be modified; the method is simple to implement and improves the operability of the service.
Description of drawings
Fig. 1 is a schematic diagram of the connections between the IIF and the GSM and CDMA networks;
Fig. 2 is a flow diagram of prior-art authentication of a GSM user roaming into a CDMA network;
Fig. 3 is a flow diagram of the global challenge in the first preferred embodiment of the present invention;
Fig. 4 is a schematic diagram of how the MS generates AUTHR in the embodiment shown in Fig. 3;
Fig. 5 is a flow diagram of the unique challenge authentication in the second preferred embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in more detail below with reference to the embodiments and the accompanying drawings.
Based on a comparison of the GSM network authentication parameters with the CDMA network authentication parameters, the present invention adapts the two with an algorithm, converting CDMA authentication parameters and GSM authentication parameters into each other in order to carry out authentication.
Table 1 compares the GSM network authentication parameters with the CDMA network authentication parameters.
                                    GSM                                          CDMA
Random number          Identifier   RAND                                         RANDU
                       Length       128 bits                                     32 bits
Authentication result  Identifier   SRES (note: Kc does not need to be sent)     AUTHU
                       Length       32 bits                                      18 bits
Table 1
As Table 1 shows, the CDMA authentication flow cannot carry the GSM authentication parameters in full. An adaptation algorithm can therefore be used: algorithm Fa converts the 32-bit CDMA RAND or RANDU (C-RAND for short) to a 128-bit RAND (G-RAND for short), and algorithm Fb converts the 32-bit GSM SRES to the 18-bit CDMA AUTHR or AUTHU (C-AUTH for short). The correspondence is:
G-RAND = Fa(C-RAND)
C-AUTH = Fb(SRES)
Algorithms Fa and Fb may also take user information as input parameters, such as certain bytes of the MIN, the ESN or the called number (all ones may be used when there is no called number), but are not limited to these parameters.
Algorithm Fa may perform an operation on C-RAND and place the result in G-RAND, or perform an operation on C-RAND together with the international mobile subscriber identity (IMSI) and/or the electronic serial number (ESN) and place the result in G-RAND.
For example, C-RAND is placed at a fixed position in G-RAND and the remaining bits of G-RAND are filled with a preset value and/or the IMSI, or the remaining bits of G-RAND are filled with a preset value and/or the ESN.
Algorithm Fb may take the CDMA authentication result from a fixed position in SRES; or perform an operation on SRES and take the CDMA authentication result from a fixed position of the output; or perform an operation on SRES together with Kc and/or the IMSI and/or the ESN and take the CDMA authentication result from a fixed position of the output.
In the present invention, the IIF acts as the HLR/AC of the GSM subscriber in CDMA foreign mode and stores Ki and the A3/A8 authentication algorithms. When an account is opened in the IIF for a GSM user who needs to roam into the CDMA network, the mapping between the international mobile subscriber identity (IMSI) and Ki is stored in the IIF database.
The authentication method of the present invention comprises a broadcast query authentication process and a unique challenge authentication process. A preferred embodiment of each is described in detail below.
The first preferred embodiment is a call origination flow with broadcast query authentication. Its authentication flow does not differ from the ordinary CDMA global challenge flow, but the authentication computation uses the GSM authentication algorithm, and the two functions Fa and Fb are added. Fig. 3 is a flow diagram of the global challenge in the first preferred embodiment of the present invention. The flow comprises the following steps:
Step 301: The BSC broadcasts the authentication random number C-RAND on the paging/control channel.
Step 302: The MS first converts the received C-RAND to G-RAND with algorithm Fa, then computes SRES and Kc from G-RAND and the Ki stored in the MS using the A3/A8 algorithms in the MS's SIM card, and then converts SRES to the authentication result AUTHR with algorithm Fb.
Step 303: The MS sends a call origination request containing AUTHR to the BSC.
Step 304: After receiving the call origination request, the BSC sends a service request (CM Service Request) containing C-RAND and AUTHR to the MSC/VLR.
Step 305: After receiving the service request, the MSC/VLR sends an authentication request (AUTHREQ) containing C-RAND and AUTHR to the IIF.
Step 306: After receiving the authentication request message, the IIF first converts C-RAND to G-RAND with algorithm Fa, computes SRES and Kc from G-RAND and the Ki of this MS stored in the IIF using the A3/A8 algorithms, and converts SRES to AUTHR with algorithm Fb. It then checks whether the AUTHR it computed equals the AUTHR sent by the MSC/VLR in the authentication request. If they are equal, the user is legitimate and access is allowed; otherwise the user is illegitimate and access is refused.
Step 307: The IIF returns to the MSC/VLR an authentication response (authreq) containing the information on whether the user is allowed access.
Step 308: After receiving the authentication response message, the MSC/VLR continues call processing or releases the call according to the information on whether the user is allowed access.
Step 302 is the process by which the MS generates AUTHR; step 306 includes the process by which the IIF generates AUTHR. Fig. 4 is a schematic diagram of how the MS generates AUTHR in the embodiment shown in Fig. 3. Three algorithms are involved: first, in the mobile equipment (ME) of the MS, algorithm Fa converts the 32-bit C-RAND to a 128-bit G-RAND; then the A3/A8 algorithms in the SIM card compute the 32-bit SRES and Kc from this G-RAND and Ki; finally, in the ME, algorithm Fb converts the 32-bit SRES to the 18-bit AUTHR. The IIF generates AUTHR with the same algorithm as shown in Fig. 4, except that the Ki and A3/A8 algorithms it uses are stored in the IIF in advance.
In this embodiment Fa is a fairly simple algorithm: C-RAND is placed in the first 32 bits of G-RAND, and the remaining bits of G-RAND may be filled with all ones. Fb is also fairly simple: the first 18 bits of the 32-bit SRES are taken as AUTHR. In practice, Fa and Fb may use more complex conversion algorithms that take certain bytes of the MIN, the ESN or the called number (all ones may be used when there is no called number) as input parameters.
This embodiment describes the call origination flow; the authentication handling in the location registration and page response flows is similar.
The second preferred embodiment is a call origination flow with unique challenge authentication. Its authentication flow does not differ from the ordinary CDMA unique challenge authentication flow, but the authentication computation uses the GSM authentication algorithm, and the two functions Fa and Fb are added. Fig. 5 is a flow diagram of the unique challenge authentication in the second preferred embodiment of the present invention. The flow comprises the following steps:
Step 501: The MS accesses the network without carrying authentication parameters, and the MSC/VLR sends an authentication request (AUTHREQ) for this MS to the IIF.
Step 502: After receiving the authentication request message and finding that it contains no authentication parameters, the IIF generates the random number RANDU (C-RAND), converts C-RAND to G-RAND with algorithm Fa, and computes SRES and Kc from G-RAND and the Ki of this MS stored in the IIF using the A3/A8 algorithms; it then converts SRES to the CDMA authentication result (AUTHU) with algorithm Fb.
Step 503: The IIF returns to the MSC/VLR an authentication response (authreq) containing RANDU and AUTHU, instructing the MSC/VLR to initiate unique challenge authentication.
Step 504: After receiving the authentication response message and finding that it contains RANDU and AUTHU, the MSC/VLR saves AUTHU.
Step 505: The MSC/VLR sends an assignment request (Assignment Request) to the BSC to have a traffic channel assigned.
Step 506: After receiving the assignment request, the BSC assigns a traffic channel and returns an assignment response (Assignment Response).
Step 507: After the traffic channel has been assigned successfully, the MSC/VLR sends to the BSC a unique challenge authentication request (Authentication Request) containing RANDU.
Step 508: The BSC sends the received unique challenge authentication request (Authentication Request) to the MS.
Step 509: After receiving the unique challenge authentication request message, the MS obtains the random number RANDU (C-RAND), converts C-RAND to G-RAND with algorithm Fa, computes SRES and Kc using the A3/A8 algorithms in the SIM card, and then converts SRES to AUTHU with algorithm Fb.
Step 510: The MS returns to the BSC a unique challenge authentication response containing AUTHU.
Step 511: The BSC returns the received unique challenge authentication response containing AUTHU to the MSC/VLR.
Step 512: After receiving the unique challenge authentication response, the MSC/VLR obtains AUTHU, compares it with the AUTHU saved in step 504, and judges whether they are consistent. If they are, the user is legitimate; otherwise the user is illegitimate.
Step 513: The MSC/VLR reports the result of the judgment to the IIF in an authentication status report (ASREPORT).
Step 514: After receiving the authentication status report, the IIF decides from the result whether to allow the user access and returns to the MSC/VLR an authentication status report response (asreport) containing the information on whether access is allowed.
Step 515: After receiving the authentication status report response message, the MSC/VLR continues access processing or releases the user's access according to the information on whether access is allowed.
Step 502 is the process by which the IIF generates AUTHU; step 509 is the process by which the MS generates AUTHU. In this embodiment, the process by which the MS generates AUTHU in step 509 is the same as the process by which the MS generates AUTHR in step 302 of Fig. 3, and the process by which the IIF generates AUTHU in step 502 is the same as the process by which the IIF generates AUTHR in step 306 of Fig. 3. Algorithms Fa and Fb may also be the same as in the first preferred embodiment.
This embodiment describes the call origination flow; the authentication handling in the page response flow is similar.
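The C-RAND -> G-RAND -> SRES -> C-AUTH chain used in both the broadcast query embodiment (steps 302 and 306) and the unique challenge embodiment (steps 502, 509 and 512), as an added example that is not part of the patent text. It uses the simple Fa and Fb of the first embodiment; the HMAC-SHA256 stand-in for A3/A8, the Iif class, the function names and the sample IMSI and Ki are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

C_RAND_BITS, G_RAND_BITS, SRES_BITS, C_AUTH_BITS = 32, 128, 32, 18


def fa(c_rand: bytes) -> bytes:
    """Fa (simple form from the text): C-RAND fills the first 32 bits of
    G-RAND and every remaining bit is 1, so only 32 of the 128 bits vary."""
    if len(c_rand) * 8 != C_RAND_BITS:
        raise ValueError("C-RAND must be 32 bits")
    return c_rand + b"\xff" * ((G_RAND_BITS - C_RAND_BITS) // 8)


def fb(sres: bytes) -> int:
    """Fb (simple form from the text): the first 18 bits of the 32-bit SRES."""
    if len(sres) * 8 != SRES_BITS:
        raise ValueError("SRES must be 32 bits")
    return int.from_bytes(sres, "big") >> (SRES_BITS - C_AUTH_BITS)


def a3a8_standin(ki: bytes, g_rand: bytes):
    """ASSUMPTION: stand-in for the operator's A3/A8, which the text does not
    specify. HMAC-SHA256 output is cut into SRES (32 bits) and Kc (64 bits)."""
    digest = hmac.new(ki, g_rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def cdma_auth_from_ki(ki: bytes, c_rand: bytes) -> int:
    """Chain run identically in the MS and in the IIF; returns AUTHR/AUTHU."""
    sres, _kc = a3a8_standin(ki, fa(c_rand))  # Kc is computed but never sent
    return fb(sres)


def same_auth(a: int, b: int) -> bool:
    """Constant-time comparison of two 18-bit results; a value outside the
    18-bit range is treated as a mismatch."""
    limit = 1 << C_AUTH_BITS
    if not (0 <= a < limit and 0 <= b < limit):
        return False
    return hmac.compare_digest(a.to_bytes(3, "big"), b.to_bytes(3, "big"))


class Iif:
    """Hypothetical IIF holding the IMSI -> Ki table for roaming GSM users."""

    def __init__(self, ki_by_imsi):
        self._ki_by_imsi = dict(ki_by_imsi)

    def verify_broadcast_query(self, imsi: str, c_rand: bytes, authr: int) -> bool:
        """Step 306: recompute AUTHR from the received C-RAND and compare."""
        ki = self._ki_by_imsi.get(imsi)
        if ki is None:  # no Ki registered for this subscriber: refuse access
            return False
        return same_auth(cdma_auth_from_ki(ki, c_rand), authr)

    def start_unique_challenge(self, imsi: str):
        """Step 502: generate RANDU and the AUTHU that the MSC/VLR will save."""
        randu = secrets.token_bytes(C_RAND_BITS // 8)
        return randu, cdma_auth_from_ki(self._ki_by_imsi[imsi], randu)


def run_demo() -> dict:
    imsi = "001010000000001"   # constructed sample IMSI
    ki = bytes(range(16))      # constructed sample key
    iif = Iif({imsi: ki})

    # Broadcast query: MS side (step 302), then IIF check (step 306).
    c_rand = bytes.fromhex("a1b2c3d4")  # constructed broadcast value
    authr = cdma_auth_from_ki(ki, c_rand)
    broadcast_ok = iif.verify_broadcast_query(imsi, c_rand, authr)
    tampered_ok = iif.verify_broadcast_query(imsi, c_rand, authr ^ 1)

    # Unique challenge: IIF (step 502), MS (step 509), MSC/VLR compare (step 512).
    randu, saved_authu = iif.start_unique_challenge(imsi)
    ms_authu = cdma_auth_from_ki(ki, randu)
    unique_ok = same_auth(saved_authu, ms_authu)
    return {"broadcast_ok": broadcast_ok, "tampered_ok": tampered_ok,
            "unique_ok": unique_ok}


if __name__ == "__main__":
    print(run_demo())
```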
In the two embodiments above, the IIF does not allow the SSD update operation to be performed for a GSM user who has roamed into the CDMA network.
The present invention can also be implemented in the following way. As in the two embodiments above, the IIF first stores the identity key (Ki) of the mobile station (MS) of the GSM user that needs to roam into the CDMA network, and the IIF is also able to run the GSM A3/A8 algorithms. Then, in the SSD update flow, Ki is used to produce SSD. Finally, in the broadcast query authentication and unique challenge authentication flows, the GSM MS is authenticated by the CMSC or AuC as an ordinary CDMA terminal.
The method of using Ki to produce SSD is similar to the method of using Ki to produce AUTHR or AUTHU in the two authentication flows above.
The process of using Ki to produce SSD comprises the following steps:
1. The IIF generates the random number RANDSSD and converts it to G-RAND with algorithm Fa, then computes SRES and Kc using the A3/A8 algorithms from G-RAND and the Ki, stored in the IIF, of the GSM MS undergoing the SSD update; it then converts SRES to SSD with algorithm Fb.
2. The IIF sends RANDSSD to the GSM MS through the CDMA MSC/VLR.
3. The GSM MS converts RANDSSD to G-RAND with algorithm Fa, computes SRES and Kc using the A3/A8 algorithms in the SIM card, and then converts SRES to SSD with algorithm Fb.
4. The GSM MS generates SSD update confirmation information and sends it to the IIF through the CDMA MSC/VLR.
In this way the GSM MS has the SSD parameter just like an ordinary CDMA terminal and can be authenticated by the CMSC or AuC.
As the three embodiments above show, when the new service of GSM users roaming into a CDMA network is deployed, the authentication method of the present invention adds no new authentication flow for GSM users in foreign mode and does not change or modify the GSM subscriber identity module (SIM). The GSM user's original SIM card is used for authentication, which avoids the operator having to issue a new subscriber identity module to the GSM user. At the same time, the existing GSM network equipment and CDMA network equipment do not need to be modified; the method is simple to implement and improves the operability of the service.

Claims (8)

1. An authentication method for a Global System for Mobile Communications (GSM) user roaming into a code division multiple access (CDMA) network, characterized in that the method comprises:
1) an interworking and interoperability function (IIF) entity stores the identity key (Ki) of the mobile station (MS) of a GSM user who needs to roam into the CDMA network;
2) a broadcast query authentication process comprising the following steps:
21) the MS receives the CDMA authentication random number (C-RAND) broadcast by the CDMA base station controller (BSC), converts this authentication random number (C-RAND) to a GSM authentication random number (G-RAND), and calculates a signed response (SRES) and a ciphering key (Kc) from G-RAND and the Ki stored in the MS; it then converts SRES to a CDMA authentication result and sends it to the BSC;
22) the BSC sends the authentication random number (C-RAND) and the CDMA authentication result to the CDMA mobile switching centre (MSC)/visitor location register (VLR);
23) the MSC/VLR sends an authentication request containing the authentication random number (C-RAND) and the CDMA authentication result to the IIF;
24) the IIF converts the received authentication random number (C-RAND) to a GSM authentication random number (G-RAND), and calculates SRES and Kc from G-RAND and the Ki of this MS stored in the IIF; it then converts SRES to a CDMA authentication result and compares the converted CDMA authentication result with the received CDMA authentication result, completing the broadcast query authentication;
3) a unique challenge authentication process comprising the following steps:
31) the CDMA MSC/VLR sends to the IIF an authentication request for a GSM MS that carries no authentication parameters;
32) according to the authentication request, the IIF generates an authentication random number (C-RAND) and converts it to a GSM authentication random number (G-RAND), and calculates SRES and Kc from G-RAND and the Ki of this MS stored in the IIF; it then converts SRES to a CDMA authentication result;
33) the IIF returns to the MSC/VLR an authentication response containing the authentication random number (C-RAND) and the CDMA authentication result;
34) the MSC/VLR stores the CDMA authentication result and sends a unique challenge authentication request containing the authentication random number (C-RAND) to the MS through the BSC;
35) the MS converts the received authentication random number (C-RAND) to a GSM authentication random number (G-RAND), and calculates SRES and Kc from G-RAND and the Ki stored in the MS; it then converts SRES to a CDMA authentication result and returns the authentication result to the MSC/VLR in an authentication response through the BSC;
36) the MSC/VLR compares the received CDMA authentication result with the CDMA authentication result stored in step 34), completing the unique challenge authentication.
2. The authentication method of claim 1, characterized in that step 34) further comprises: after the MSC/VLR receives the authentication response returned by the IIF, it first has the BSC assign a traffic channel, and sends the unique challenge authentication request only after the traffic channel has been assigned successfully.
3. The authentication method of claim 2, characterized in that the traffic channel is assigned as follows: the MSC/VLR sends an assignment request to the BSC; the BSC assigns a traffic channel according to this assignment request and returns an assignment response to the MSC/VLR.
4. The authentication method of claim 1, characterized in that the CDMA authentication random number in steps 21) to 24) is the global challenge random number, and the CDMA authentication random number in steps 32) to 36) is the unique challenge authentication random number.
5. The authentication method of claim 1, characterized in that C-RAND is converted to G-RAND as follows: an operation is performed on C-RAND and the result is filled into G-RAND; or an operation is performed on C-RAND and the international mobile subscriber identity (IMSI) and/or the electronic serial number (ESN) and the result is filled into G-RAND.
6. The authentication method of claim 5, characterized in that C-RAND is converted to G-RAND as follows: C-RAND is inserted at a fixed position of G-RAND, and the remaining positions of G-RAND are filled with a predetermined number and/or the international mobile subscriber identity (IMSI); or the remaining positions of G-RAND are filled with a predetermined number and/or the electronic serial number (ESN).
7. The authentication method of claim 1, characterized in that the method of calculating SRES and Kc from G-RAND and the Ki stored in the MS is the same as the method of calculating SRES and Kc from G-RAND and the Ki of this MS stored in the IIF, namely: SRES and Kc are calculated from G-RAND and Ki with the A3/A8 algorithm.
8. The authentication method of claim 1, characterized in that SRES is converted to the CDMA authentication result as follows: the CDMA authentication result is taken from a fixed position of SRES; or an operation is performed on SRES and the CDMA authentication result is taken from a fixed position of the result; or an operation is performed on SRES and Kc and/or the international mobile subscriber identity (IMSI) and/or the electronic serial number (ESN), and the CDMA authentication result is taken from a fixed position of the result.
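The conversion chain in claims 1, 6 and 8 (C-RAND to G-RAND via Fa, A3/A8, SRES to a CDMA result via Fb), which the SSD update steps in the description reuse with RANDSSD as input, is shown below as an added Python example that is not part of the patent. Assumptions: HMAC-SHA256 stands in for the operator's A3/A8, C-RAND is 32 bits, the CDMA result is 18 bits, the padding is all zeros, and every function name and sample value is constructed for illustration.

```python
import hashlib
import hmac

PAD = bytes(12)    # constructed "predetermined number" filling the rest of G-RAND
RESULT_BITS = 18   # assumed width of the CDMA authentication result

def fa(c_rand: bytes) -> bytes:
    """Fa as in claim 6: C-RAND at a fixed position, remaining positions padded."""
    if len(c_rand) != 4:
        raise ValueError("this sketch assumes a 32-bit C-RAND")
    return c_rand + PAD  # 128-bit G-RAND; carries no more entropy than C-RAND

def a3a8_stand_in(ki: bytes, g_rand: bytes) -> tuple:
    """Stand-in for A3/A8 (NOT the real algorithm): returns (SRES, Kc)."""
    if len(ki) != 16 or len(g_rand) != 16:
        raise ValueError("Ki and G-RAND must be 128 bits")
    digest = hmac.new(ki, g_rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit SRES, 64-bit Kc

def fb(sres: bytes) -> int:
    """Fb as in claim 8, first option: take the result from a fixed position of SRES."""
    return int.from_bytes(sres, "big") >> (32 - RESULT_BITS)

def cdma_result(ki: bytes, c_rand: bytes) -> int:
    """Chain run identically by the MS (step 21) and the IIF (step 24)."""
    sres, _kc = a3a8_stand_in(ki, fa(c_rand))
    return fb(sres)

def iif_verify(ki_store: dict, imsi: str, c_rand: bytes, received: int) -> bool:
    """Step 24: recompute from the stored Ki and compare with the received result."""
    ki = ki_store.get(imsi)
    if ki is None or not 0 <= received < (1 << RESULT_BITS):
        return False
    expected = cdma_result(ki, c_rand)
    return hmac.compare_digest(expected.to_bytes(3, "big"), received.to_bytes(3, "big"))

# Constructed sample values, not taken from the patent.
IMSI = "001010000000001"
KI_STORE = {IMSI: bytes.fromhex("000102030405060708090a0b0c0d0e0f")}
C_RAND = bytes.fromhex("a1b2c3d4")

if __name__ == "__main__":
    authr = cdma_result(KI_STORE[IMSI], C_RAND)           # computed on the MS
    print(iif_verify(KI_STORE, IMSI, C_RAND, authr))      # True
    print(iif_verify(KI_STORE, IMSI, C_RAND, authr ^ 1))  # False
```

Because Fa pads with a constant and Fb truncates SRES, the interworked exchange is bounded by the CDMA-side challenge and response widths, not by the 128-bit G-RAND or the 32-bit SRES.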
CNB031412572A 2003-06-10 2003-06-10 Authentication method for user of global mobile communication system when roaming to CDMA network Expired - Fee Related CN1297155C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031412572A CN1297155C (en) 2003-06-10 2003-06-10 Authentication method for user of global mobile communication system when roaming to CDMA network

Publications (2)

Publication Number Publication Date
CN1568037A true CN1568037A (en) 2005-01-19
CN1297155C CN1297155C (en) 2007-01-24

Family

ID=34470861

Country Status (1)

Country Link
CN (1) CN1297155C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070124

Termination date: 20200610