The present invention relates to an authentication method for a mobile communication system.
In a conventional authentication method, as shown in FIG. 7, upon reception of an originating request from a mobile station, a parent station (corresponding to a unit including the base station and the mobile station controller in the present invention) supplies an identification number (corresponding to a mobile station identification number in the present invention), as a set parameter, to a data base (corresponding to the data base in the present invention).
The data base sends mobile station authentication information to the parent station. The parent station then sends a CALL PROC signal to the mobile station. Subsequently, the parent station transmits a random number generated therein, as an authentication random number, to the mobile station, so as to send an authentication request (corresponding to an authentication calculation request in the present invention), thus obtaining an authentication calculation result contained in an authentication response sent from the mobile station.
This method is described, for example, as a PMT (Personal Mobile Telecommunication) signaling method in Yabusaki et al., "PMT Signaling Protocol", TECHNICAL REPORT OF IEICE, THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS, (SSE92-75) pp. 43-50.
The following method is also specified. As shown in FIGS. 8 and 9, a plurality of authentication random numbers and a plurality of authentication calculation results corresponding thereto are stored in a memory in advance, and a pair consisting of an authentication random number and an authentication calculation result is read out when authentication is required. An authentication calculation request is then supplied to a mobile station by using the authentication random number as a set parameter, and the authentication calculation result returned as a response is collated with the corresponding authentication calculation result stored in the memory. If the collation result indicates coincidence, it is determined that authentication confirmation is made.
This method is described in "Security Related Network Function; Recommendation GSM 03.20 Version: 3.3.2 Date: January 1991". More specifically, referring to FIG. 8, when a BS (Base Station)/MSC (Mobile Switching Center)/VLR (Visitor Location Register) requires authentication related information of a mobile station, the BS/MSC/VLR transmits a request (Security Related Information Request) signal to an HLR (Home Location Register)/AC (Authentication Center).
Upon reception of the signal, the HLR/AC calculates a plurality of authentication calculation results SRES (1, 2, . . . , n) by using information Ki (corresponding to an authentication key in the present invention) of a target mobile station and a plurality of random numbers RAND (1, 2, . . . , n) generated in the HLR/AC as input parameters according to an authentication algorithm A3 (corresponding to an authentication algorithm in the present invention).
Subsequently, the plurality of authentication random numbers and the plurality of authentication calculation results generated in the HLR/AC are sent, as set parameters of a response (Authentication Vector Response) signal, to the BS/MSC/VLR.
The BS/MSC/VLR stores the received random numbers and authentication calculation results in an internal memory device. If authentication of the mobile station (corresponding to the mobile station in the present invention) is required afterward, an authenticating operation is performed by the following procedure shown in FIG. 9. The BS/MSC/VLR selects a pair of an authentication random number RAND(j) and an authentication calculation result SRES(j) for the target mobile station, and transmits an authentication request ("Authentication Request" corresponding to an authentication calculation request in the present invention) signal to the mobile station by using the authentication random number RAND(j) as a set parameter.
At this time, the mobile station uses an authentication key and an authentication random number (RAND(j)), set therein, as input parameters to perform an authentication calculation, and sends the authentication calculation result to the BS/MSC/VLR.
The BS/MSC/VLR collates the authentication calculation result SRES(j) selected in advance with the authentication calculation result sent from the mobile station. If the collation result indicates coincidence, the BS/MSC/VLR determines that authentication confirmation is made.
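The procedure of FIGS. 8 and 9 is modelled below as an added illustration; it is not code from the patent or from the GSM recommendation. The page names algorithm A3 but does not define it, so a keyed HMAC truncated to four bytes stands in for A3, and the 16-byte RAND length, the class names and the number of pairs requested are assumptions. The model keeps Ki inside the HLR/AC, hands the BS/MSC/VLR only (RAND, SRES) pairs, consumes each pair once, and collates the mobile station's response with a constant-time comparison.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass


def a3(ki: bytes, rand: bytes) -> bytes:
    """Constructed stand-in for authentication algorithm A3 (assumption:
    HMAC-SHA256 keyed with Ki, truncated to the 4-byte SRES size)."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


@dataclass
class HomeLocationRegister:
    """HLR/AC: holds each mobile station's Ki; Ki itself is never sent out."""
    keys: dict  # mobile station identification number -> Ki (constructed)

    def authentication_vectors(self, ms_id: str, n: int) -> list:
        """Authentication Vector Response: n pairs (RAND(i), SRES(i))."""
        ki = self.keys[ms_id]
        vectors = []
        for _ in range(n):
            rand = secrets.token_bytes(16)  # assumption: 128-bit RAND
            vectors.append((rand, a3(ki, rand)))
        return vectors


class VisitorLocationRegister:
    """BS/MSC/VLR: stores received pairs per mobile station and challenges it.
    The per-station store is the memory burden the page describes."""

    def __init__(self, hlr: HomeLocationRegister):
        self.hlr = hlr
        self.store = {}  # ms_id -> list of unused (RAND, SRES) pairs

    def request_vectors(self, ms_id: str, n: int = 5) -> None:
        # Security Related Information Request / Authentication Vector Response
        self.store[ms_id] = self.hlr.authentication_vectors(ms_id, n)

    def authenticate(self, ms_id: str, mobile: "MobileStation") -> bool:
        if not self.store.get(ms_id):
            self.request_vectors(ms_id)
        # Select pair j and remove it so the same RAND is never replayed.
        rand_j, sres_j = self.store[ms_id].pop(0)
        # Authentication Request carries RAND(j) only; SRES(j) stays local.
        response = mobile.authentication_request(rand_j)
        # Collation: constant-time compare of the returned result with SRES(j).
        return hmac.compare_digest(response, sres_j)


class MobileStation:
    """Mobile station: holds its own Ki and answers the challenge."""

    def __init__(self, ki: bytes):
        self._ki = ki

    def authentication_request(self, rand: bytes) -> bytes:
        return a3(self._ki, rand)


if __name__ == "__main__":
    ki = bytes(range(16))  # constructed sample key
    hlr = HomeLocationRegister({"ms-001": ki})
    vlr = VisitorLocationRegister(hlr)
    vlr.request_vectors("ms-001", 3)
    print("genuine station:", vlr.authenticate("ms-001", MobileStation(ki)))
    print("wrong key:", vlr.authenticate("ms-001", MobileStation(bytes(16))))
    print("pairs left in VLR memory:", len(vlr.store["ms-001"]))
```

The point the model makes visible is the trade-off stated in the text: because the BS/MSC/VLR never receives Ki, interception of the vector response yields only pairs that are used once and then discarded, but the BS/MSC/VLR must keep a list of such pairs for every associated mobile station and fetch more when the list runs out.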
In the former authentication method, when the parent station sends an originating information read request to the data base, the data base sends an originating information read response signal, as a response, to the parent station, and mobile station authentication information is contained in a set parameter of the originating information read response signal. For this reason, a third party may obtain the mobile station authentication information corresponding to a mobile station number (IMSE) by intercepting a signal transmitted/received between the parent station and the data base via the communication line, or by transmitting an information read request to the data base.
In the latter authentication method, the BS/MSC/VLR needs to incorporate a memory function to store a plurality of authentication calculation results corresponding to a plurality of authentication random numbers for the respective mobile stations with which the BS/MSC/VLR is associated.