1. Field of the Invention
The present invention generally relates to an authentication method for a GSM system and, more particularly, to a roaming authentication method for a GSM system that is able to provide a secure authentication mechanism when executed via a public channel.
2. Description of the Related Art
Compared to conventional communication systems using analog modulation, the Global System for Mobile Communication (GSM) is able to transmit digital data and to provide a larger range of services along with higher security, owing to its adoption of digital modulation, identity authentication, message encryption, etc. Thus, the GSM system has been adopted worldwide.
FIG. 1 shows a block diagram of a conventional GSM system 8 which comprises a user end 81 (i.e. a mobile station), a visitor end 82 (i.e. a visitor location register, VLR) and a home end 83 (i.e. a home location register, HLR). The visitor end 82 is coupled between the user end 81 and the home end 83. In the conventional GSM system 8 above, it is assumed that the data channel between the visitor end 82 and the home end 83 is secure (i.e. a secure channel SC), and the visitor end 82 and the home end 83 have a reliable data transmission system with each other.
In the above configuration, a conventional roaming authentication process must be performed when the user end 81 requests a roaming service from the visitor end 82. In the roaming authentication process, the user end 81 requests the roaming service from the visitor end 82. The visitor end 82 then obtains authentication data from the home end 83 (consisting of a plurality of sets of {RAND, SRES, Kc} data) and selects a random code RAND from the authentication data. The random code RAND is sent to the user end 81 which, in turn, generates a corresponding authentication signature code SRES′. The authentication signature code SRES′ is sent to the visitor end 82 for authentication purposes. Based on this, the visitor end 82 is able to authenticate the user end 81 and to provide the user end 81 with the required roaming service if the authentication result is positive.
The data transmitted between the visitor end 82 and the home end 83 (such as the authentication data) is in the form of cleartext, which requires that the visitor end 82 and the home end 83 have a reliable data transmission system with each other. However, the data channel between the visitor end 82 and the home end 83 may not be secure (namely, the visitor end 82 and the home end 83 do not have a reliable data transmission system with each other) if the user end 81, the visitor end 82 and the home end 83 transmit data to each other via public channels. As a result, the conventional roaming authentication method is usually not performed through public channels, where data interruption or interception is possible.
As stated above, the conventional roaming authentication method requires that the data channel between the visitor end 82 and the home end 83 is secure. However, this is not possible when data is transmitted between different communication systems. Moreover, the longer the distance over which the data is transmitted, the greater the possibility that the data is interrupted or intercepted. Therefore, the visitor end 82 authenticates the home end 83 in a secure manner only when the communication systems are the same and the transmission distance is short. Disadvantageously, the conventional roaming authentication method cannot provide high security when the communication systems are different and the transmission distance is long. Thus, the use of the conventional roaming authentication method is limited.
Furthermore, since the calculation capability of the user end 81 is limited, the conventional roaming authentication method should be improved so as to reduce the computational load placed on the user end 81.
In conclusion, since the conventional roaming authentication method has a limited use and requires that the data channel between the visitor end 82 and the home end 83 is secure, it is inflexible and inconvenient to use the conventional roaming authentication method. As such, it is necessary to improve the conventional roaming authentication method for the above GSM system 8.
Furthermore, FIG. 2 shows a block diagram of another conventional GSM system 9 which comprises a user end 91, a new visitor end 92a (i.e. a new visitor location register, VLR), an old visitor end 92b (i.e. an old visitor location register, VLR) and a home end 93 (i.e. a home location register, HLR). The new visitor end 92a is coupled between the user end 91 and the old visitor end 92b. The home end 93 is coupled to the old visitor end 92b. In the conventional GSM system 9 above, it is assumed that the data channel between the new visitor end 92a and the old visitor end 92b is secure (i.e. a secure channel SC), as well as that the data channel between the old visitor end 92b and the home end 93 is secure (i.e. a secure channel SC). It is also assumed that the new visitor end 92a and the old visitor end 92b have a reliable data transmission system with each other.
In the above configuration, a conventional roaming authentication process must be performed when the user end 91 moves from the signal range of the old visitor end 92b to that of the new visitor end 92a. In this scenario, the user end 91 switches to requesting the roaming service from the new visitor end 92a instead of the old visitor end 92b. In this regard, the user end 91 requests the roaming service from the new visitor end 92a. The new visitor end 92a then acquires authentication data from the old visitor end 92b (consisting of a plurality of sets of {RAND, SRES, Kc} data) and selects a random code RAND from the authentication data. The random code RAND is sent to the user end 91 which, in turn, generates a corresponding authentication signature code SRES′. The authentication signature code SRES′ is sent to the new visitor end 92a for authentication purposes. Based on this, the new visitor end 92a is able to authenticate the user end 91 and to provide the user end 91 with the required roaming service if the authentication result is positive.
The data transmitted between the new visitor end 92a and the old visitor end 92b (such as the authentication data) is in the form of cleartext, which requires that the new visitor end 92a and the old visitor end 92b have a reliable data transmission system with each other. However, the data channel between the new visitor end 92a and the old visitor end 92b may not be secure (namely, the new visitor end 92a and the old visitor end 92b do not have a reliable data transmission system with each other) if the user end 91, the new visitor end 92a and the old visitor end 92b transmit data to each other via public channels. As a result, the conventional roaming authentication method is usually not performed through public channels, where data interruption or interception is possible.
As stated above, the conventional roaming authentication method requires that the data channel between the new visitor end 92a and the old visitor end 92b is secure. However, this is not possible when data is transmitted between different communication systems. Moreover, the longer the distance over which the data is transmitted, the greater the possibility that the data is interrupted or intercepted. Therefore, the new visitor end 92a authenticates the old visitor end 92b in a secure manner only when the communication systems are the same and the transmission distance is short. Disadvantageously, the conventional roaming authentication method cannot provide high security when the communication systems are different and the transmission distance is long. Thus, the use of the conventional roaming authentication method is limited.
In conclusion, since the conventional roaming authentication method has a limited use and requires that the data channel between the new visitor end 92a and the old visitor end 92b is secure, it is inflexible and inconvenient to use the conventional roaming authentication method. As such, it is also necessary to improve the conventional roaming authentication method for the above GSM system 9.
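The following simulation, added here as an illustration and not part of the patent or of any GSM implementation, models the conventional roaming authentication described for both GSM system 8 (FIG. 1) and GSM system 9 (FIG. 2): the serving visitor end fetches {RAND, SRES, Kc} sets from the home end (or old visitor end) over a link, challenges the user end with RAND, and compares the returned SRES′. The real A3/A8 algorithms are not given in the text, so an HMAC stands in for them, and the subscriber key Ki and the channel model are constructed assumptions; the channel log shows why the text insists that link must be secure, since SRES and Kc cross it in cleartext.

```python
import hmac
import hashlib
import os

# Constructed subscriber secret Ki, shared by the user end (MS) and the home end (HLR).
KI = bytes.fromhex("00112233445566778899aabbccddeeff")

def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3 (assumption): 32-bit signed response from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8 (assumption): 64-bit cipher key Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def home_end_triplets(ki: bytes, n: int) -> list:
    """Home end (or old visitor end) precomputes n sets of {RAND, SRES, Kc}."""
    return [(r, a3_sres(ki, r), a8_kc(ki, r)) for r in (os.urandom(16) for _ in range(n))]

class Channel:
    """Link between visitor end and home end. Everything sent is stored as-is,
    modelling the cleartext transfer the text describes."""
    def __init__(self):
        self.log = []
    def send(self, msg):
        self.log.append(msg)
        return msg

def roaming_authentication(ki_at_ms: bytes, ki_at_hlr: bytes, link: Channel, n: int = 3):
    """Run the conventional procedure; return (authenticated?, Kc chosen by the visitor end)."""
    # 1. Visitor end obtains authentication data from the home end over the link.
    triplets = link.send(home_end_triplets(ki_at_hlr, n))
    # 2. Visitor end selects one set and sends its RAND to the user end.
    rand, sres, kc = triplets[0]
    # 3. User end computes SRES' from its own Ki and the received RAND.
    sres_prime = a3_sres(ki_at_ms, rand)
    # 4. Visitor end compares SRES' with the SRES it received from the home end.
    return hmac.compare_digest(sres, sres_prime), kc

def key_material_on_link(link: Channel) -> list:
    """(SRES, Kc) pairs that crossed the link in cleartext; non-empty means the
    session key is only as confidential as that link."""
    return [(s, k) for batch in link.log for (_, s, k) in batch]
```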