Contents
5 Authentication Procedure
5.1 Overview
5.2 Authentication Procedure
5.2.1 Successful Authentication
5.2.2 Unsuccessful Authentication
5.3 Internal Handling of BSC
5.4 Abnormal Cases
Issue 01 (2007-03-15)
Figures
Figure 5-1 Procedure of successful authentication
Figure 5-2 Authentication rejection procedure
5 Authentication Procedure
5.1 Overview
Authentication is the procedure, initiated by the GSM network, of verifying the validity of
the IMSI and TMSI of an MS.
The purpose of the authentication procedure is to prevent illegal MSs from accessing the
network and, at the same time, to protect the private information of legal MSs from leakage.
The network may initiate the authentication procedure under the following conditions:
- MS accesses the network for the first time after MSC/VLR is restarted
To permit the network to check whether the identity provided by MS is acceptable or not
[Figure 5-1 Procedure of successful authentication. Entities: BTS, BSC, MSC. Messages: AUT_REQ (1), AUT_RES (2).]
Step 1 The Authentication Request message contains a RAND (Random Number) and a CKSN.
The RAND is 128 bits long.
Step 2 The Authentication Response message contains a response number (SRES), which is
computed from RAND and Ki using the A3 algorithm.
The network compares the SRES it has stored with the one contained in the Authentication
Response message. If the two are consistent, authentication passes and the
subsequent sub-procedures (such as the encryption procedure) are entered.
----End
[Figure 5-2 Authentication rejection procedure. Entities: BTS, BSC, MSC. Messages: AUT_REQ (1), AUT_RES (2), AUT_REJ (3).]
After the network sends the Authentication Reject message, all MM connections in progress
are released, and the network restarts the RR connection release procedure.
Upon receipt of the Authentication Reject message, MS sets the update status in the SIM to "U2
ROAMING NOT ALLOWED" and deletes the stored TMSI, LAI and CKSN from the SIM.
If the Authentication Reject message is received in the state "IMSI DETACH INITIATED",
timer T3220 shall be stopped when the RR connection is released. If possible, MS should
initiate the local release procedure after the normal release procedure is completed, or after
T3220 expires. If this is not possible (e.g. detach at power-off), the MSRR sublayer shall be
aborted.
If the Authentication Reject message is received in any other state, MS shall abort any MM
connection establishment or call re-establishment procedure, stop any of the timers T3210 or
T3230 (if running), release all MM connections, reset and start timer T3240, and enter the
state "WAIT FOR NETWORK COMMAND", expecting the release of the RR connection. If
the RR connection is not released within a given time controlled by the timer T3240, MS shall
abort the RR connection. In both cases, either after an RR connection release triggered from the
network side or after an RR connection abort requested by the MS side, MS shall enter the
substate "NO IMSI" of "MM IDLE".
SIM unregistered
If the SIM of an MS has not been registered on the network side, the network will directly
return an Authentication Reject message to the MS.
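The challenge-response exchange of Steps 1 and 2, the reject case and the unregistered-SIM case can be modelled as below. This is an added example, not code from the original document or from any BSC/MSC product. Assumptions: `a3_stand_in` is a hypothetical HMAC-based substitute for A3 (the real A3 is operator-specific), the `Network` class collapses MSC/VLR and the subscriber database into one object, and the IMSI and Ki are constructed sample values.

```python
import hashlib
import hmac
import secrets

def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Hypothetical stand-in for A3 (not a GSM algorithm): 32-bit SRES from Ki and RAND."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Network:
    """Hypothetical model of the network side (MSC/VLR plus subscriber data)."""
    def __init__(self, subscribers):
        self.subscribers = subscribers        # IMSI -> Ki
        self.pending = {}                     # IMSI -> SRES stored for comparison

    def start_authentication(self, imsi, cksn=0):
        ki = self.subscribers.get(imsi)
        if ki is None:
            return ("AUT_REJ",)               # SIM unregistered: reject directly
        rand = secrets.token_bytes(16)        # fresh 128-bit RAND per challenge
        self.pending[imsi] = a3_stand_in(ki, rand)
        return ("AUT_REQ", rand, cksn)

    def handle_response(self, imsi, sres):
        expected = self.pending.pop(imsi, None)   # each challenge is answered once
        if expected is not None and hmac.compare_digest(expected, sres):
            return "AUTHENTICATED"
        return "AUT_REJ"

class MobileStation:
    def __init__(self, imsi, ki):
        self.imsi, self.ki = imsi, ki

    def respond(self, aut_req):
        _, rand, _cksn = aut_req
        return a3_stand_in(self.ki, rand)     # SRES carried in AUT_RES

def run_exchange(network, ms):
    msg = network.start_authentication(ms.imsi)
    if msg[0] == "AUT_REJ":
        return "AUT_REJ"
    return network.handle_response(ms.imsi, ms.respond(msg))

# Constructed sample subscriber data
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
IMSI = "001010123456789"
```

Ki never crosses the air interface in this model; only RAND and SRES do, and a captured SRES is useless against a later challenge because the stored value is discarded after one comparison.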