1. Field of the Invention
The present invention relates to a method and Apparatus for Access Network Authentication, Authorization and Accounting server (hereinafter referred to as AN-AAA)in a High Rate Packet Data (hereinafter referred to as HRPD) network, especially to the AN-AAA method of HRPD network that simultaneously supports the CAVE and MD5 algorithms.
(2. Description of the Related Art
Code Division Multiple Access 2000 (hereinafter referred to as cdma2000) network has been widely applied commercially all over the world. In this kind of network, a Challenge Handshake Authentication Protocol (hereinafter referred to as CHAP) based on the Cellular Authentication and Voice Encryption (hereinafter referred to as CAVE) algorithm has been adopted to identify the legitimacy of the access terminals. This authentication system has relatively perfect methods on illegal attack-protecting. A Mobile Station's (hereinafter referred to as MS) privacy key (A-key) and the CAVE algorithm are stored in this MS and the cdma2000 network's authentication center respectively. The authentication process mainly includes such two procedures as the update of Shared Secret Data (SSD) and the implementation of authentication. Part A of the Shared Secret Data (SSD_A) is used for access authentication. According to specific conditions, the network sends a message including a segment of random numbers to the MS and the authentication center respectively to update the SSD_A data. After this message is received by the MS and the authentication center respectively, the included random numbers, the A-key and other parameters are together input into the “SSD_GENEREATION PROCEDURE” to generate an SSD_A through calculation. After conforming the correctness, the old SSD_A is replaced with the new one which will be used as the key for the access authentication. When an authentication is needed to be done on a terminal terminal, the network sends an authentication request message to the MS and the authentication center, including a segment of random numbers. After this message is received by the MS and the authentication center respectively, the authentication result will be calculated with the random numbers included in this message, the SSD_A and other parameters according to the CAVE algorithm. The MS sends authentication results to the authentication center. By comparing the differences between the authentication results, the MS can be authenticated to be valid. To prevent any vicious terminal from stealing others' keys, the SSD_A (which is used as the temporary privacy key) can be updated frequently. Therefore, this authentication mode has very high level of security. In practice, the A-key can be stored in two modes. One is that it is stored in the MS, and the corresponding CAVE algorithm is also implemented in the MS which the card can not be separated from the MS. The other is that the A-key is stored in the Removable User Identification Module (hereinafter referred to as the R-UIM card), and the corresponding CAVE algorithm is also implemented in the R-UIM card which the card is separatable from the MS. At present, only the MSs that the card is separatable from the MS are in service in China, while the MSs that the card can not be separated from the MS are in service in most foreign countries. The HRPD network is the upgrade of cdma2000 network and has been gradually adopted in commercial application all over the world. The HRPD network's access authentication server is called AN-AAA. As prescribed in the corresponding standard of the 3G Partnership Project 2 (hereinafter referred to as 3GPP2), if the access authentication is adopted by the HRPD network, the authentication mode should also be the CHAP authentication, but no detailed encryption algorithm is specified explicitly, which can be specified by the concrete operator. As the cdma2000 network, according to the location where the privacy key is stored, HRPD's access terminals (referred to as AT) can be divided into such two kinds as the one that the card is separatable from the AT and the one that the card can not be separated from the AT.
The HRPD network and the cdma2000 network are independent of each other. The structure of cdma2000 network is illustrated in FIG. 6 in which the information is transferred by terminals. Terminals(610) are linked with base stations(620) via over-the-air interface. The base stations(620) and base station controllers(630) constitute a radio access network for the conversion and process of the terminal's signalling and data. A mobile switch center(640) is responsible for user data and service exchange and is linked with the radio access network via interface A. A visitor location register(640) is used for the management of user's location information and implements the function of local authentication. In practice, it is often set cooperatively with the mobile switch center. A home location register(650) is responsible for saving user's permanent information and resolving the problem of user roaming. The authentication centre(650) is responsible for authentication tasks. In general, local authentication is implemented by the visitor location register(640). In practice, the home location register(650) is often set cooperatively with the authentication centre(650). The visitor location register is linked with the home location register via the interface D under the mobile application protocol ANSI-41.
FIG. 7 illustrates the structure of the HRPD network in which the information is transferred by terminals(710). The access network(720) offers the function of radio access for users. It is used for the conversion and process of terminal's signalling and data. Terminals(710) are linked with the access network(720) via the over-the-air interface, and the AN-AAA(730) is used for the tasks of authentication, authorization and accounting. In practice, no information exchanges between the cdma2000 network and the HRPD network except that they share the same packet data core network. Because the HRPD network mainly provides terminals with data service, the terminals can share the services through the dual-mode terminals that simultaneously support cdma2000 network and the HRPD network, and this category of terminal is the main cluster of terminals of the HRPD network. In the context, except specifically pointed out, the dual-mode terminals refer to the cdma2000/HRPD ones.
In order to better illustrating the present invention, FIG. 2, FIG. 3 and FIG. 4 are used to describe the operation process in the MS side during the cdma2000 network's authentication process, and FIG. 5 is used to describe the message stream which is defined in 3GPP2 when the access authentication is carried out in the HRPD network.
1) The process in the MS side during the existing cdma2000 network's authentication process.
The operation process in the MS side during the existing cdma2000 network's authentication process consists of two processes: SSD_A update procedure and the authentication procedure.
The SSD_A update process is used for improving the authentication system's capability of attack-protecting. The basic operation process is illustrated in FIG. 2:                a HLR/AC in the system sends a Shared Secrete Data Update Message to a mobile terminal, including RANDSSD which is a 56-bit long random number in step 201;        after receiving the message mentioned above, the mobile terminal initiates a SSD_A generation process. The A-key and the random number above are input into this process to generate a new shared secret data (SSD), which contains part A and part B in step 202;        
The same operation is performed in the system side in step 203;
The correctness of the operations performed above must be verified for the mobile terminal and the system. For this end, the mobile terminal generates a segment of random number and sends it to the system simultaneously in step 206. In the terminal side, both this segment of random number and the new SSD_A are input into the authentication signature program to generate a result in the terminal side in step 204;
In the system side, the same authentication signature program is performed to obtain a result of the base station side and the system sends the result of the base station to the terminal in step 205; and
The terminal compares the result from the Base Station with the result calculated by itself. If they are just the same, the SSD_A update process completes successfully, and the terminal and the system adopts the new SSD simultaneously, otherwise, the original SSD should be still in service in step 206.
During the process above, the A-key is 64-bit long, which is allocated to an MS by the operator. Only the corresponding MS and the network authentication centre (AuC) know the corresponding A-key. In a practical network, the AuC cooperates with the Home Location Register (i.e., HLR) as the HLR/AuC.
The process of generating the SSD is illustrated in FIG. 3. The parameters including the 56-bit long random number RANDSSD(310), the 32-bit long electronic serial number (in the case of using R-UIM card, which can be the R-UIM ID)(320), and the 64-bit long terminal's password A-key(330) are input into the SSD generation procedure(360). The SSD generation procedure is carried out to generate the part A(340) and part B(350) of the new 64-bit long SSD.
The authentication process is the process of a terminal's legitimacy verification whose basic operations are illustrated in FIG. 4.
The AuC sends a Challenge message to the MS, including a 32-bit long random number RAND in step 410. The MS takes the RAND and the SSD_A as the inputs of the CAVE algorithm to calculate an 18-bit long result AUTH in step 430. Then the MS sends the AUTH to the authentication center by an Authentication Challenge Response message in step 440, and the AuC compares the AUTH with the result worked out by itself with the same method. If they are just the same, the authentication passes, otherwise, this MS is rejected to access the network in step 450.
Because of the roaming problem, the SSD_A is generally shared between the HLR/AuC and the Visitor Location Register (hereinafter referred to as VLR) which is nearer the terminal to speed up the access authentication and reduce network transmission in network implementations. The connection between the VLR and the HLR/AuC is realized via the interface D in the Mobile Application Protocol (MAP) ANSI-41 prescribed by the American National Standards Institute (ANSI), through which an ANSI-41 message is transmitted.
(2) The message flows of the existing HRPD network's access authentication
The HRPD network's access authentication includes following message flows, as shown in FIG. 5:
The access network (AN) sends a CHAP Challenge message to the access terminal (AT), including the random number “Random text” in step 501.
The terminal receives the Chap Challenge message, and then calculates an authentication parameter 1 with the received random number. In the figure, the encryption algorithm MD5 is taken as an example to make further explanations in step 502.
The terminal sends a Chap Response message to the AN, including information of AT's Network Access ID (NAI), random number “text”, the authentication parameter 1 and so on in step 503.
After receiving the Chap Response message from the terminal, the AN sends a Radius Access Request message to the AN-AAA, including the three parameters included in the Chap Response message in step 504.
The AN-AAA inputs the random text and the local Password (AN-AAA Password and the AT's Password are just the same) into the MD5 algorithm to calculate an authentication parameter 2 in step 505.
The AN-AAA compares the authentication parameter 1 with the authentication parameter 2 in step 506.
If they are just the same, it sends a Authentication Access Accept message to the AN, indicating that the authentication passes. In this message, the IMSI corresponding to the NAI of this AT is included, which is used for subsequent flows by the AN in step 507.
If the authentication parameter 1 is not the same as the authentication parameter 2, the AN-AAA sends a Authentication Access Reject message to AN to reject the terminal in step 508.
After receiving the Authentication Access Accept message, the AN sends a Chap Success message to the terminal, indicating that the authentication process succeeds in step 509.
And after receiving the Authentication Access Reject message, the AN sends a Chap Failure message to the terminal, indicating that the authentication process fails in step 510.
In the procedures mentioned above, the encryption algorithm MD5 is adopted by the terminal and the AN-AAA. No specification on the adoption of encryption algorithms is given in the international standards while it can be specified by the operator.
In practice, the voice service is provided by means of the cdma2000 network and the data service is provided by means of the HRPD network. Therefore, the dual-mode terminals that support not only the cdma2000 network but also the HRPD network will take up a sizable share. Because the cdma2000 network is generally established ahead of the HRPD network, some terminals of the HRPD network are upgraded from that of the cdma2000 network. In general, the existing MSs whose cards is separatable from them support only the CAVE algorithm during the authentication process. To support the dual-mode operation, the MSs' R-UIM cards should be upgraded to the multi-mode ones, and make them support not only the CAVE algorithm but also the HRPD network's access authentication algorithms like the MD5 algorithm, etc., so as to support this two kinds of networks' authentication simultaneously. Because of a great deal of terminals, the fees spent on the upgrade of R-UIM cards will be very huge, and this operation will bring much inconvenience to the terminals as well, and by far, no multi-mode R-UIM card is on sale yet.
Therefore, as the cdma2000 network has been launched into operation and holds a lot of terminals, how to realize the dual-mode terminal's access authentication with the cost as low as possible is a challenge to the HRPD network construction.
The existing R-UIM cards only support CAVE algorithm, not only the network must be upgraded but also the R-UIM cards must be upgraded to multi-mode ones to upgrade to the HRPD network. However, following problems exsists: 1) no multi-mode R-UIM card is on sale by far; 2) considerable fees should be spent on upgrading the R-UIM cards; and 3) it is inconvenient for the terminals to replace the their R-UIM card.
Although the problems mentioned above will be avoided when the authentication problem can be overcome in terms of the network side, no function or operation flow of authenticating in terms of the HRPD network side is launched to revolve the problems above by far. Thus the present invention is proposed for it.