1. Field
The present invention relates generally to authentication in mobile communication networks, and more particularly to the use of authentication data to indicate an instruction.
2. Background
Mobile communication applications generally share a need for mutual authentication between a communications server and a subscriber (user equipment or mobile station) before communication is initiated. One authentication mechanism is based on a secret shared between the communicating entities, and there are numerous authentication protocols that rely on this pre-shared secret. Exemplary protocols relying on a pre-shared secret include HTTP (Hypertext Transport Protocol) Digest, IKE (Internet Key Exchange), and mechanisms based on username and password.
The mobile communications system authentication features described herein can be implemented in a variety of communications networks requiring authentication between communication entities. FIG. 1 is a block diagram of an exemplary communicating network entities involved in authentication. An exemplary mobile telecommunications system for purposes of explaining embodiments of the invention is the Universal Mobile Telecommunications System (UMTS), which is a third Generation (3G) mobile system configured to implement broadband multi-media mobile telecommunications technology.
In order for a subscriber's user equipment (UE, or mobile station) to establish a communication session with a network element, the user equipment UE performs an authentication and key agreement with the network element. An exemplary security mechanism is the UMTS Authentication and Key Agreement (AKA), which implements authentication and key agreement features for the UMTS network. AKA achieves mutual authentication between the user and the network using knowledge of a secret key K which is shared between and available only to a user's subscriber identity module (SIM) at the mobile station (user equipment) and an authentication center in the user's home network. A SIM employed in the UMTS network may be referred to as a USIM, wherein the USIM is configured to perform authentication and key agreement processes in the UMTS network. The UMTS authentication and key agreement process is described in more detail in reference to FIGS. 1-3.
The core network of a UMTS comprises a Mobile services Switching Center (MSC) which serves as the interface between the mobile network and external fixed circuit switched telephone networks such as the PSTN. The MSC is configured to route calls from the external networks to individual mobile stations and perform the switching and signaling functions for mobile stations located in the geographical area identified for the MSC.
The core network further comprises a Home Location Register (HLR), a Visitor Location Register (VLR), and an Authentication Center (AuC). The HLR is configured to store data related to each subscriber as provided by the mobile network. The Visitor Location Register (VLR) is implemented in connection with the MSC, wherein the VLR stores information related to each mobile station that roams into the geographical area served by the MSC. As a subscriber registers with different networks, the information in that subscriber's HLR is copied to the VLR in each visited network and discarded when the subscriber leaves the network. Thus, the information stored by the VLR is substantially the same information as that stored by the HLR.
With reference to FIG. 1, a simplified version of this UMTS network communication is illustrated. A local switching center 180 of a serving network performs mutual authentication with a mobile station or user equipment (UE) 160. The local switching center 180 may be a MSC with access to a VLR, and an authentication center 182 has access to the HLR for the user equipment 160. Each UE 160 comprises mobile equipment (ME) (e.g., a cell phone handset) and a UMTS Subscriber Identity Module (USIM). The USIM is stored in a removable secure integrated circuit (IC) card (USIM integrated circuit chip, or UICC) 162 which communicates with the ME, including a processor 164, to provide a subscriber with access to network services. The UICC is sometimes referred to as a SIM card or a smart card. The USIM stores subscriber identity and subscription related information, including a secret key K, performs mutual authentication functions with the communications network, provides security functions, and stores elements such as an International Subscriber Identity (IMSI), preferred language, IC card identification, and cryptographic keys.
The local switching center 180 communicates with an authentication center (AuC) 182 to obtain authentication data specific to the UE 160 to be used for mutual authentication between the local switching center 180 and the UE 160. The communication entities 180, 160 authenticate the identity of each other by demonstrating knowledge of the secret key K.
The AKA described herein for UMTS comprises a challenge/response protocol substantially similar to the GSM subscriber authentication and key establishment protocol combined with a sequence number-based one-pass protocol for network authentication derived from ISO/IEC 9798-4. FIG. 1 and FIGS. 2A-C illustrate the authentication data transmitted between the AuC 182, local switching center 180, and user equipment 160 for mutual authentication between the local switching center 180 and the user equipment 160.
According to the UMTS authentication and key agreement protocol, the local switching center 180 of the network serving the mobile subscriber's user equipment 160 requests authentication data from the AuC 182 in the subscriber's home network. The AuC 182 stores or accesses a secret key K 190a designated for the user equipment 160. The secure IC 162 at the user equipment 160 also stores the secret key K 190b. In response to the authentication request, the AuC 182 generates one or more authentication vectors using the secret key K 190a. FIG. 2A is a block illustration of an exemplary authentication vector 300 generated by the AuC 182. Each authentication vector comprises the following authentication data fields: a challenge value RAND 302, typically random or pseudo-random, a cipher key CK 304, an integrity key IK 306, an authentication token AUTN 308, and an expected response XRES 310. Each authentication token AUTN 308 includes a sequence number SQN 312, an authentication management field AMF 314, and a message authentication code MAC 316. The AuC 182 computes the message authentication code MAC 316, expected response XRES 310, cipher key CK 304, and integrity key IK 306 using the secret key K 190a and one or more of authentication management field AMF 314, the sequence number SQN 312, and the random challenge RAND 302. The AuC 182 sends the one or more generated authentication vectors 300 to the local switching center 180, which stores the authentication vectors such that the local switching center 180 can authenticate itself to the user equipment 160 and confirm the user equipment 160 is authorized to communicate in the network.
When the local switching center 180 initiates an authentication and key agreement for user equipment requesting network access, it selects one of the authentication vectors AV 300 received from the authentication center 182 and sends an authentication challenge, comprising a portion of the authentication vector, to the secure IC 162 at the user equipment 160. FIG. 2B illustrates an exemplary authentication challenge 320, comprising the value RAND 302 and authentication token AUTN 308, to the secure IC 162 at the user equipment UE 160.
The user equipment 160 uses the authentication challenge 320 to determine whether the local switching center 180 is a valid communications server, and the user equipment 160 generates and sends an authentication response to the local switching center 180 to confirm its identity. An exemplary authentication and key agreement process 400 performed at the secure IC 162 is illustrated in FIG. 3, wherein the process begins in a step 402 and proceeds to a step 404 wherein the secure IC 404 receives the authentication token AUTN 308 and value RAND 302. In a step 406, the secure IC 162 generates or computes a message authentication code XMAC based on the random challenge RAND 302, sequence number SQN 312, and authentication management field AMF 314. In a step 408, the secure IC 162 compares the generated XMAC with the received MAC 316 to authenticate the identity of the local switching center 180. If the parameters do not match, the secure IC 162 terminates the authentication in a step 410 and ends the authentication procedure in a step 412.
If the secure IC 162 determines in step 408 that the generated XMAC matches the received MAC 316, the secure IC 162 generates a response RES 326, a ciphering key CK, and an integrity key IK using the random challenge RAND 302 and secret key K 190b in step 414. The user equipment 160 transmits an authentication response 324, including the generated response RES 326, to the local switching center 180 in step 416, wherein an exemplary authentication response 324 is illustrated in FIG. 2C. The authentication and key agreement process 400 ends in step 412. Typically, the generated keys CK and IK are sent to the user's mobile equipment ME for performing data encryption during the communication.
Referring again to FIG. 1, the local switching center 180 compares the response RES 326 generated by the secure IC 162 with the expected response XRES 310 in the selected authentication vector 300. If the two parameters match, then the local switching center 180 considers the authentication and key agreement exchange to be successfully completed. Thus, the local switching center 180 and the user equipment 160 mutually authenticate their identities using knowledge of the shared secret key K 190a, b, and agree on keys CK and IK for secure communications, wherein the local switching center 180 stores the keys CK 304 and IK 306 for secure communications with the user equipment 160.
A more detailed description of the standardized authentication procedures used in a UMTS network are described in the 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, 3G Security, Security Architecture (Release 6), 3GPP TS 33.102, V6.3.0 (December 2004), herein incorporated by reference in its entirety. In certain networks, a generic bootstrapping architecture (GBA) provides a mechanism to bootstrap application security from the AKA mechanism to authenticate a subscriber (user equipment) and establish keys for communication between a subscriber and a network function, such as an e-commerce provider.
Some of the authentication data parameters used in UMTS authentication and key agreement are proprietary and not standardized, that is, some authentication data parameters are not used in a standard manner in every network and may be used by different network operators to communicate with the user equipment in a different manner. The use of the authentication management field (AMF), for example, may be defined differently by each network operator.
Because the number of authentication data parameters used in network authentication and key agreement processes are finite, it would be advantageous to manipulate one or more of the authentication data parameters, specifically the proprietary authentication data parameters, to communicate additional information to user equipment in a standard manner. For example, where each operator defines the use of the AMF differently, the mobile equipment cannot be configured to respond to any particular value of the AMF. However, if the AMF can be used in a standardized manner, mobile equipment may be designed to interpret the AMF accordingly and respond to the interpreted value of the AMF.
There is therefore a need in the art for a method of using proprietary authentication data in a standard way across substantially all networks.