1. Field of the Invention
The present invention relates generally to telecommunications, and more particularly, to cellular authentication and voice privacy. The present invention further relates to authentication functions described in the ANSI-41 standard, and more particularly, to the Shared Secret Data (SSD) sharing and authentication failure reporting functions.
2. Discussion of the Related Art
With reference to FIG. 1, a telecommunications network 10 illustrates a typical arrangement of functional entities involved in both the SSD sharing and authentication failure reporting functions. Network 10 includes a home system 12 and a serving system 14. In the home system 12, the authentication center (AC) 16 is coupled to the home location register (HLR) 18 via signal lines 17 according to the ANSI-41 standards. The home system 12 is coupled to the serving system 14 via signal lines 19 according to ANSI-41 standards. In particular, signal lines 19 extend between the home location register (HLR) 18 of the home system 12 and the visitor location register (VLR) 20 of the serving system 14. The visitor location register 20 is coupled to a mobile switching center (MSC) 22 of the serving system 14, the MSC 22 being coupled to a base station (BS) 24. The BS 24 then couples a mobile station (MS) 26 to the serving system 14, according to a given air interface protocol such as the IS54-B/IS91-A/IS136/IS95-A standards. Mobile station (MS) 26 is authentication capable and employs a cellular authentication and voice encryption algorithm (CAVE).
Authentication of a mobile station (MS) 26 in a telecommunication network 10 relates to a set of functions used to prevent fraudulent access to cellular networks by phones illegally programmed with counterfeit mobile identification (MIN) and electronic serial number (ESN) information. A successful outcome of authentication occurs when it can be demonstrated that a mobile station (MS) 26 and network 10 possess identical results of an independent calculation performed in both the MS 26 and the network 10. An authentication center (AC) 16 is the primary functional entity in the telecommunications network 10 responsible for acting as authentication controller, although, when SSD is shared, serving system 14 (i.e., the Visitor Location Register (VLR) 20) is allocated some control over the network's authentication responsibilities.
With respect to the allocated responsibilities of the serving system 14 and according to the ANSI-41 standards, the ANSI-41 shared secret data (SSD) sharing function encompasses the processes by which the authentication center (AC) 16 and the serving system 14 (i.e., the visitor location register (VLR) 20) manage the sharing of authentication responsibilities for a visiting mobile station (MS) 26. Serving system control of authentication network functions in this manner reduces the authentication-related signaling traffic between the serving and home systems and the associated call processing delays. Furthermore, shared secret data (SSD) sharing gives the serving system 14 local control over the authentication of a visiting mobile station (MS) 26. Specifically, the serving system 14 can control network functions which include: a) global challenge for all but the initial system access, when SSD sharing is not yet established; b) unique challenge, again for all but the initial system access; c) the base station challenge portion of an authentication center AC-initiated SSD update; and d) count update.
Turning now to FIG. 2, in conjunction with FIG. 1, a message flow diagram of a simple authentication failure scenario with authentication failure report (AFREPORT) and involving an authentication result (AUTHR) mismatch upon mobile origination, registration, or page response while SSD is shared with the serving system is shown. In particular, the authentication failure scenario with authentication failure report (AFREPORT) includes the following steps. In a first step, identified by reference numeral 30, when an authentication-capable mobile station (MS) accesses the system 10, the serving mobile switching center (MSC) 22 sends an authentication request (AUTHREQ) to the serving visitor location register (VLR) 20. In a next step, identified by reference numeral 32, the serving visitor location register (VLR) 20 determines that an Authentication Failure Report (AFREPORT) is necessary due to an AUTHR mismatch and sends an AFREPORT to the home location register (HLR) 18 associated with the mobile station (MS). In a next step 34, the home location register (HLR) 18 forwards the AFREPORT to the authentication center (AC) 16 of the home system 12. The authentication center (AC) 16 then determines that the mobile station (MS) should be denied access (according to the AC's internal authentication algorithms). In a next step 36, the AC 16 returns an afreport to the requesting home location register (HLR) 18 and includes a deny access parameter. In a next step 38, the home location register (HLR) 18 forwards the afreport to the serving visitor location register (VLR) 20. Lastly, in step 40, the serving visitor location register (VLR) 20 forwards the deny access parameter to the serving mobile switching center (MSC) 22 in the authreq, instructing the serving mobile switching center (MSC) 22 to deny access to the particular mobile station (MS) 26.
Turning now to FIG. 3, also in conjunction with FIG. 1, a message flow diagram of a complex authentication failure scenario with AFREPORT and involving an AUTHR mismatch upon mobile origination, registration, or page response while SSD is shared with the serving system is shown. In particular, the authentication failure scenario with AFREPORT includes the following steps. In a first step 50, when an authentication-capable mobile station (MS) 26 accesses the system 10, the serving mobile switching center (MSC) 22 sends an authentication request (AUTHREQ) to the serving visitor location register (VLR) 20. In a next step 52, the serving visitor location register (VLR) determines that an Authentication Failure Report (AFREPORT) is necessary due to an AUTHR mismatch and sends an AFREPORT to the home location register (HLR) 18 associated with the mobile station (MS) 26. In a next step 54, the home location register (HLR) 18 forwards the AFREPORT to the authentication center (AC) 16 of the home system 12. The authentication center (AC) 16 then determines that a unique challenge (U.C.) should be performed on the mobile station (MS) 26 according to the authentication center's internal authentication algorithms. In a next step 56, the AC 16 returns an afreport to the requesting home location register (HLR) 18 and includes the unique challenge (UC) parameters. In a next step 58, the home location register (HLR) 18 forwards the afreport to the serving visitor location register (VLR) 20. In a next step 60, the serving visitor location register (VLR) 20 forwards the unique challenge (U.C.) parameters to the serving mobile switching center (MSC) 22 in the authreq, instructing the serving mobile switching center (MSC) 22 to perform a unique challenge (U.C.) 62 on the mobile station (MS) 26. The serving mobile switching center (MSC) 22 then determines that the unique challenge (U.C.) fails and reports the same via an authentication status report (ASREPORT). 
In a next step 64, the mobile switching center (MSC) 22 sends an ASREPORT to the serving visitor location register (VLR) 20. In a next step 66, the serving visitor location register (VLR) 20, noting that the report is not for an operation it has initiated, forwards the ASREPORT to the home location register (HLR) 18 associated with the mobile station (MS) 26. In a next step 68, the home location register (HLR) 18 forwards the ASREPORT to the authentication center (AC) 16. The authentication center (AC) 16 then determines that the mobile station (MS) 26 should be denied access according to the authentication center's internal authentication algorithms. In a next step 70, the authentication center (AC) 16 returns an asreport to the requesting home location register (HLR) 18 and includes the deny access parameter. In a next step 72, the home location register (HLR) 18 forwards the asreport to the serving visitor location register (VLR) 20. In a next step 74, the serving visitor location register (VLR) 20 forwards the asreport to the serving mobile switching center (MSC) 22, instructing the serving mobile switching center (MSC) 22 to deny access to the mobile station (MS) 26.
With previous known ANSI-41 implementations, the serving system mobile switching center (MSC) 22 and visitor location register (VLR) 20 send a networking message to the authentication center (AC) 16 for every authentication failure which is encountered (FIG. 1). For each individual authentication failure networking message from the mobile switching center (MSC) 22 and visitor location register (VLR) 20, the authentication center (AC) 16 responds with the action to be taken according to its internal authentication algorithms.
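The two failure scenarios above, traced hop by hop as an added Python example (not part of the original text), with a count of the messages each one sends across the serving/home boundary. The function names, the action labels `deny_access` and `unique_challenge`, and the AC policy callback are hypothetical stand-ins for the AC's internal authentication algorithms.

```python
# Added illustration of the FIG. 2 / FIG. 3 flows. Entity and message names come
# from the text; function names, action labels and the AC policy are hypothetical.
UP = ["MSC", "VLR", "HLR", "AC"]  # MSC and VLR: serving system; HLR and AC: home system


def relay(trace, invoke, start, action):
    """Carry `invoke` from `start` up to the AC, then its result back down to the MSC."""
    i = UP.index(start)
    for src, dst in zip(UP[i:], UP[i + 1:]):
        trace.append((src, dst, invoke, None))
    down = UP[::-1]
    for src, dst in zip(down, down[1:]):
        # The AFREPORT outcome reaches the MSC in the pending authreq (steps 40 and 60).
        name = "authreq" if invoke == "AFREPORT" and dst == "MSC" else invoke.lower()
        trace.append((src, dst, name, action))


def authr_mismatch(ac_policy):
    """Trace one AUTHR mismatch while SSD is shared; ac_policy(report) returns the action."""
    trace = [("MSC", "VLR", "AUTHREQ", None)]                 # step 30 / 50
    action = ac_policy("AFREPORT")
    relay(trace, "AFREPORT", "VLR", action)                   # steps 32-40 / 52-60
    if action == "unique_challenge":
        trace.append(("MSC", "MS", "unique challenge (fails)", None))  # step 62
        relay(trace, "ASREPORT", "MSC", ac_policy("ASREPORT"))         # steps 64-74
    return trace


def inter_system(trace):
    """Messages crossing signal lines 19 (VLR <-> HLR)."""
    return [m for m in trace if {m[0], m[1]} == {"VLR", "HLR"}]


FIG2 = authr_mismatch(lambda report: "deny_access")
FIG3 = authr_mismatch(
    lambda report: "unique_challenge" if report == "AFREPORT" else "deny_access")

if __name__ == "__main__":
    for label, trace in (("FIG. 2", FIG2), ("FIG. 3", FIG3)):
        print(label, "-", len(inter_system(trace)), "messages between serving and home systems")
        for src, dst, msg, action in trace:
            print(f"  {src:>3} -> {dst:<3} {msg}" + (f" [{action}]" if action else ""))
```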
While the above-described sharing of authentication responsibilities for a visiting mobile station between the authentication center (AC) of the home system and the serving system 14 reduces authentication-related signaling traffic between the serving and home systems and the associated call processing delays, further improvement is desired. That is, further reduction in authentication-related signaling traffic between the serving and home systems is desired. Further reduction in associated call processing delays is also desired.