The present invention concerns authentication of a subscriber, particularly authentication of a subscriber who is roaming in a network other than his home network.
The general procedure for performing an authentication is briefly described in the following. The authentication procedures in GSM and UMTS are similar; therefore, the procedure is described below using GSM as an example.
An authentication is usually required when a subscriber registers for the network services. An authentication may also be required when a connection is established, i.e. when a call is originated or terminated. The authentication is performed, for example, in an Authentication Center (AuC) which is usually provided in the Home Location Register (HLR). The VLR to which the MS is currently connected requests a parameter set consisting of a random number RAND (usually 128 bits) and a signed result (RES) from the HLR and sends the RAND to the MS. In turn, the MS has to calculate a result CRES from the number RAND.
The SIM card of the subscriber comprises a secret subscriber key Ki which, apart from the SIM, is known only to the network operator (HLR/AuC). The SIM card also comprises an algorithm (A3). Using this algorithm, a result CRES is calculated from RAND and Ki (CRES = A3(RAND, Ki)). This result CRES is transmitted to the VLR, which in turn checks whether it is equal to the signed result received from the HLR/AuC, i.e., whether CRES = RES. If so, the authentication is successful.
The above described example is the authentication procedure in GSM. As mentioned above, in UMTS the authentication of a subscriber is performed similarly. Here, the SGSN (which corresponds to the VLR) requests a parameter set from the HSS (which corresponds to the HLR) comprising a random number RAND, the result RES (which should equal the result CRES calculated by the User Equipment (UE)), a ciphering key CK, an integrity key IK and an authentication token AUTN. Instead of a SIM card as in GSM, the subscriber uses a so-called USIM (Universal Services Identity Module), which is a logical module implemented e.g. inside a smart card. In comparison to GSM, additional functions are provided by the USIM under UMTS. For example, the USIM checks the authenticity of the network by using the authentication token AUTN. Nevertheless, authentication of the subscriber is performed similarly to the procedure under GSM. That is, a home network control element (like the I-CSCF or the like) sends the parameters to a serving network element (i.e., the SGSN or P-CSCF), which forwards these parameters to the USIM. The USIM calculates a result RES from the random number RAND and the secret subscriber key Ki and sends the result back to the serving network element. Thus, by checking the result, it is possible to decide whether the subscriber is allowed to use the services or not.
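The following Python model is an added illustration of the two procedures described above; it is not part of the application and does not reproduce any operator's actual algorithms. The operator-specific functions (A3 in GSM, the f1-type MAC function that protects AUTN in UMTS) are replaced by keyed hashes that merely have the same shape, and the AUTN layout is simplified to SQN || AMF || MAC without the anonymity-key masking of the real protocol. The class and function names (AuC, SIM, USIM, a3, f1, serving_check, run_gsm, run_umts) are assumptions of this example.

```python
import hmac
import hashlib
import os

# Toy stand-ins for the operator-specific algorithms (A3 in GSM, f1 in UMTS).
# Real operators use proprietary or MILENAGE-based functions; a keyed hash is used
# here only because it has the same shape: a function of RAND that requires Ki.
def a3(rand, ki):
    """CRES = A3(RAND, Ki), truncated to 32 bits as the GSM signed result is."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def f1(ki, rand, sqn, amf):
    """UMTS network-authentication MAC over (RAND, SQN, AMF)."""
    return hmac.new(ki, b"f1" + rand + sqn + amf, hashlib.sha256).digest()[:8]

AMF = b"\x00\x00"   # authentication management field; constant in this toy

class AuC:
    """HLR/AuC (or HSS): the only network element holding Ki."""
    def __init__(self):
        self.ki = {}      # IMSI -> Ki
        self.sqn = {}     # IMSI -> next sequence number (UMTS freshness)

    def register(self, imsi, ki):
        self.ki[imsi] = ki
        self.sqn[imsi] = 0

    def gsm_pair(self, imsi, rand=None):
        """Return (RAND, RES); RES is the value the MS must reproduce."""
        rand = rand or os.urandom(16)
        return rand, a3(rand, self.ki[imsi])

    def umts_vector(self, imsi, rand=None):
        """Return (RAND, RES, AUTN) with AUTN = SQN || AMF || MAC (AK masking omitted)."""
        rand = rand or os.urandom(16)
        ki = self.ki[imsi]
        sqn = self.sqn[imsi].to_bytes(6, "big")
        self.sqn[imsi] += 1
        autn = sqn + AMF + f1(ki, rand, sqn, AMF)
        return rand, a3(rand, ki), autn

class SIM:
    """Subscriber module: holds Ki and runs A3 on the received RAND."""
    def __init__(self, ki):
        self.ki = ki

    def respond(self, rand):
        return a3(rand, self.ki)

class USIM(SIM):
    """Adds the UMTS network check: AUTN must verify before the USIM answers."""
    def __init__(self, ki):
        super().__init__(ki)
        self.last_sqn = -1

    def respond_umts(self, rand, autn):
        sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        if not hmac.compare_digest(mac, f1(self.ki, rand, sqn, amf)):
            return None            # network did not prove knowledge of Ki
        if int.from_bytes(sqn, "big") <= self.last_sqn:
            return None            # replayed authentication vector
        self.last_sqn = int.from_bytes(sqn, "big")
        return a3(rand, self.ki)

def serving_check(res, cres):
    """VLR/SGSN step: compare the expected RES with the CRES returned by the MS."""
    return cres is not None and hmac.compare_digest(res, cres)

def run_gsm(auc, imsi, sim):
    rand, res = auc.gsm_pair(imsi)
    return serving_check(res, sim.respond(rand))

def run_umts(auc, imsi, usim):
    rand, res, autn = auc.umts_vector(imsi)
    return serving_check(res, usim.respond_umts(rand, autn))

if __name__ == "__main__":
    auc = AuC()
    ki = bytes(range(16))          # constructed sample key
    auc.register("imsi-sample", ki)
    print("GSM:", run_gsm(auc, "imsi-sample", SIM(ki)))
    print("UMTS:", run_umts(auc, "imsi-sample", USIM(ki)))
```

In both branches the comparison of RES and CRES happens in the serving element, exactly as the text describes; the home side only supplies the parameter set. The UMTS branch additionally shows the direction of trust the USIM gains from AUTN: a vector whose MAC does not verify or whose sequence number is stale is refused before any RES is produced.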
However, in the above procedure the home network control element (e.g., the I-CSCF (Interrogating Call State Control Function) or S-CSCF (Serving Call State Control Function)) completely transfers the decision to the serving network element (e.g., the P-CSCF (Proxy CSCF)). This is acceptable as long as both network elements are operated by the same network operator or the network operators can fully trust each other. However, where different networks operated by different network operators are concerned, security problems might arise.
For example, the visited network can have a structure such that the home network operator might fear that the visited network is easy to manipulate. That is, someone who is not authorized can try to authenticate himself as a subscriber to the home network operator. The unauthorized person might then be able to overrule the authentication procedures in the visited network. Thus, the visited network indicates to the home network that the authentication was positive although the authentication was not performed or was corrupted. This is a particular problem in the case of worldwide roaming, which is possible in UMTS. In addition, this can be a problem for the Internet Multimedia Core Network Subsystem (IM CN SS), since here, for example, different service costs might have to be paid. Thus, an unauthorized person cannot be charged, or the real subscriber can be charged although he has not used the service.
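The following Python model is an added illustration of the trust problem just described; it is not part of the application. It contrasts the delegated decision of the procedure above, in which the home network only receives a verdict from the serving element, with an assumed alternative in which the home network compares CRES itself. That alternative is included solely for contrast and is not presented as the method of this application. The A3 stand-in, the class names (HomeNetwork, ServingNetwork) and the function run_scenarios are assumptions of this example.

```python
import hmac
import hashlib
import os

def a3(rand, ki):
    """Toy stand-in for A3: CRES = A3(RAND, Ki). Not a real operator algorithm."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

class HomeNetwork:
    """Home control element (I-CSCF/S-CSCF with the HLR/AuC behind it); holds Ki."""
    def __init__(self):
        self.ki = {}         # IMSI -> Ki
        self.pending = {}    # IMSI -> RES of the outstanding challenge

    def challenge(self, imsi):
        rand = os.urandom(16)
        res = a3(rand, self.ki[imsi])
        self.pending[imsi] = res
        return rand, res

    def accept_verdict(self, imsi, verdict):
        """Procedure described in the text: the decision is fully delegated, so the
        home network records whatever the serving element reports."""
        self.pending.pop(imsi, None)
        return bool(verdict)

    def verify_response(self, imsi, cres):
        """Assumed contrast case (not the text's procedure): the serving element
        forwards CRES and the home network compares it against its own RES."""
        res = self.pending.pop(imsi, None)
        return res is not None and cres is not None and hmac.compare_digest(res, cres)

class ServingNetwork:
    """Serving element (VLR / SGSN / P-CSCF) in the visited network."""
    def __init__(self, trustworthy=True):
        self.trustworthy = trustworthy

    def verdict(self, res, cres):
        if not self.trustworthy:
            # The failure mode from the text: a manipulated visited network reports
            # a positive authentication whether or not one actually took place.
            return True
        return cres is not None and hmac.compare_digest(res, cres)

def run_scenarios():
    """Return {(serving trustworthy?, who answers RAND, home policy): accepted?}."""
    imsi, ki = "imsi-constructed", bytes(range(16))   # constructed sample subscriber
    home = HomeNetwork()
    home.ki[imsi] = ki
    out = {}
    for trustworthy in (True, False):
        for answerer in ("subscriber", "nobody"):
            serving = ServingNetwork(trustworthy)
            # Delegated decision, as in the procedure above.
            rand, res = home.challenge(imsi)
            cres = a3(rand, ki) if answerer == "subscriber" else None
            out[(trustworthy, answerer, "delegated")] = home.accept_verdict(
                imsi, serving.verdict(res, cres))
            # Home network compares CRES itself (assumed alternative, for contrast).
            rand, res = home.challenge(imsi)
            cres = a3(rand, ki) if answerer == "subscriber" else None
            out[(trustworthy, answerer, "home-checks")] = home.verify_response(imsi, cres)
    return out

if __name__ == "__main__":
    for key, accepted in sorted(run_scenarios().items()):
        print(key, "->", accepted)
```

The row that matters is the untrustworthy serving element with nobody answering the RAND: under the delegated policy the home network accepts the subscriber anyway, because the only thing it ever sees is the reported verdict. Whoever cannot compute A3(RAND, Ki) cannot produce a matching CRES, so the charging consequences named in the text follow directly from where the comparison is made, not from any weakness in A3 itself.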