The present invention concerns authentication of a subscriber, and particularly a registration involved in such an authentication.
The general procedure for performing an authentication is described briefly in the following. The authentication procedures are similar in GSM and UMTS; thus, in the following the authentication procedure is described by referring to GSM as an example.
An authentication is usually required when a subscriber registers with the network services. An authentication may also be required when a connection is established, i.e., when originating or terminating a call. The authentication is performed, for example, in an Authentication Center (AuC) which is usually provided in the Home Location Register (HLR). The VLR to which the MS is currently connected requests a parameter set consisting of a random number RAND (usually 128 bits) and a scheduled result (RES) from the HLR and sends the RAND to the MS. In turn, the MS has to calculate a result CRES from the number RAND.
The SIM card of the subscriber comprises a secret subscriber key Ki which, apart from the SIM, is only known to the network operator (HLR/AuC). The SIM card also comprises an algorithm (A3). By using this algorithm, a result CRES is calculated from RAND and Ki (CRES=A3(RAND, Ki)). This result CRES is transmitted to the VLR, which in turn checks whether the result is equal to the signed result received from the HLR/AuC, i.e., whether CRES=RES. If this is correct, the authentication is successful.
The above-described example is the authentication procedure in GSM. As mentioned above, in UMTS the authentication of a subscriber is performed similarly. Here, the SGSN (which corresponds to the VLR) requests a parameter set from the HSS (which corresponds to the HLR) comprising a random number RAND, the result RES (which should be the result CRES calculated by the User Equipment (UE)), a ciphering key CK, an integrity key IK and an authentication token AUTN. Instead of a SIM card as in GSM, the subscriber uses a so-called USIM (Universal Services Identity Module), which is a logical module implemented e.g. inside a smart card. In comparison to GSM, under UMTS additional functions are provided by the USIM. For example, the USIM checks the authenticity of the network by using the authentication token AUTN.
Nevertheless, authentication of the subscriber is performed similarly to the procedure under GSM. That is, a home network control element (like an I-CSCF or the like) sends the parameters to a serving network element (i.e., the SGSN or P-CSCF), which forwards the parameters RAND and AUTN to the USIM. The USIM calculates a result RES from the random number RAND and the secret subscriber key Ki and sends the result back to the serving network element. Thus, by checking the result, it is possible to decide whether the subscriber is allowed to use the services or not.
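The following is an added example, not part of the patent text, that models the two challenge-response exchanges described above: the GSM case (HLR/AuC issues RAND and RES, the VLR forwards RAND, the SIM returns CRES=A3(RAND, Ki), the VLR compares) and the UMTS case, where the USIM first verifies the network via AUTN before answering. The functions named a3, f1 and f2 are HMAC-SHA256 stand-ins for the operator-specific algorithms (an assumption, not the real A3 or UMTS functions); the Ki, IMSI and sequence-number values are constructed, and the AUTN layout (SQN || AMF || MAC, with no anonymity-key masking) is a simplification for illustration.

```python
"""Added example: subscriber authentication modelled after the GSM and UMTS
procedures described above. a3/f1/f2 are HMAC-SHA256 stand-ins for the real
operator-specific algorithms (assumption); all key and identity values are
constructed for the example."""
import hashlib
import hmac
import secrets


def a3(ki: bytes, rand: bytes) -> bytes:
    # Stand-in for the SIM's A3: CRES = A3(RAND, Ki), truncated to a 32-bit result.
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def f1(ki: bytes, rand: bytes, sqn: bytes, amf: bytes) -> bytes:
    # Stand-in for the UMTS network-authentication MAC carried inside AUTN.
    return hmac.new(ki, b"f1" + rand + sqn + amf, hashlib.sha256).digest()[:8]


def f2(ki: bytes, rand: bytes) -> bytes:
    # Stand-in for the UMTS response function producing RES on both sides.
    return hmac.new(ki, b"f2" + rand, hashlib.sha256).digest()[:8]


class HomeNetwork:
    """HLR/AuC (GSM) or HSS (UMTS): the only network element that holds Ki."""

    def __init__(self, keys: dict):
        self.keys = dict(keys)
        self.sqn = {imsi: 0 for imsi in keys}  # per-subscriber sequence counter

    def gsm_vector(self, imsi: str, rand: bytes = None):
        rand = rand or secrets.token_bytes(16)  # 128-bit challenge
        return rand, a3(self.keys[imsi], rand)   # (RAND, RES)

    def umts_vector(self, imsi: str, rand: bytes = None):
        ki = self.keys[imsi]
        rand = rand or secrets.token_bytes(16)
        self.sqn[imsi] += 1
        sqn = self.sqn[imsi].to_bytes(6, "big")
        amf = b"\x00\x00"
        autn = sqn + amf + f1(ki, rand, sqn, amf)  # simplified AUTN layout
        return rand, f2(ki, rand), autn           # (RAND, RES, AUTN)


class Sim:
    """GSM SIM: holds Ki and answers a RAND challenge with CRES."""

    def __init__(self, ki: bytes):
        self.ki = ki

    def run_gsm(self, rand: bytes) -> bytes:
        return a3(self.ki, rand)


class Usim(Sim):
    """UMTS USIM: additionally authenticates the network via AUTN."""

    def __init__(self, ki: bytes):
        super().__init__(ki)
        self.sqn_seen = 0

    def run_umts(self, rand: bytes, autn: bytes) -> bytes:
        sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        if not hmac.compare_digest(mac, f1(self.ki, rand, sqn, amf)):
            raise ValueError("network authentication failed: bad MAC in AUTN")
        sqn_int = int.from_bytes(sqn, "big")
        if sqn_int <= self.sqn_seen:  # reject replayed vectors
            raise ValueError("network authentication failed: SQN not fresh")
        self.sqn_seen = sqn_int
        return f2(self.ki, rand)


class ServingNetwork:
    """VLR (GSM) or SGSN/P-CSCF (UMTS): never sees Ki, only compares results."""

    def __init__(self, home: HomeNetwork):
        self.home = home

    def authenticate_gsm(self, imsi: str, sim: Sim, rand: bytes = None) -> bool:
        rand, res = self.home.gsm_vector(imsi, rand)
        cres = sim.run_gsm(rand)
        return hmac.compare_digest(cres, res)

    def authenticate_umts(self, imsi: str, usim: Usim, rand: bytes = None) -> bool:
        rand, res, autn = self.home.umts_vector(imsi, rand)
        try:
            cres = usim.run_umts(rand, autn)
        except ValueError:
            return False  # USIM refused: network not authenticated
        return hmac.compare_digest(cres, res)


if __name__ == "__main__":
    KI = bytes.fromhex("0123456789abcdef0123456789abcdef")  # constructed Ki
    home = HomeNetwork({"imsi-constructed": KI})
    serving = ServingNetwork(home)
    print("GSM ok:", serving.authenticate_gsm("imsi-constructed", Sim(KI)))
    print("UMTS ok:", serving.authenticate_umts("imsi-constructed", Usim(KI)))
```

The serving network only ever handles RAND, RES and the returned CRES, which mirrors the text: Ki stays on the (U)SIM and in the HLR/AuC or HSS. The UMTS branch shows why the USIM's AUTN check matters in practice: a forged or replayed vector is refused before any response is produced, so a serving element cannot extract a valid RES from the subscriber without a vector the home network actually issued.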
However, in the above example the subscriber has to forward critical information to the network. In particular, it has to be ensured that the critical fields in the SIP registration, e.g., To, From and Contact, are not corrupted, manipulated or the like.
This problem also occurs in other cases in which a user has to perform an initial registration.