1. Field of the Invention
The present invention relates to authentication of users in a communication system, and more particularly to the authentication of users in a wireless network as the user roams between two communication systems with differing authentication schemes.
2. Description of the Related Art
There are currently different communication standards utilized in the U.S., Europe, and Japan. The U.S. currently utilizes three major systems, with differing standards. The first system is a time division multiple access system (TDMA) and is governed by IS-136, the second system is a code division multiple access (CDMA) system governed by IS-95, and the third is the Advanced Mobile Phone System (AMPS). All three communication systems use the IS-41 standard for intersystem messaging, which defines the authentication procedure.
In TDMA, users share a frequency band, each user""s speech is stored, compressed and transmitted as a quick packet, using controlled time slots to distinguish them, hence the phrase xe2x80x9ctime divisionxe2x80x9d. At the receiver, the packet is decompressed. In the IS-136 protocol, three users share a given channel.
Traditional systems transmit a single strong signal, perhaps intermittently, on a narrow band. In contrast, CDMA works in reverse, sending a weak but very broad band signal. A unique code xe2x80x9cspreadsxe2x80x9d the signal across the wide area of the spectrum (hence the alternative namexe2x80x94spread spectrum), and the receiver uses the same code to recover the signal from the noise. A very robust and secure channel can be established, even for an extremely low-power signalxe2x80x94theoretically, the signal can be weaker than the noise floor. Further, by using different codes, a number of different channels can simultaneously share the same spectrum, without interfering with each other.
The AMPS system is an analog system.
Europe utilizes the Global System for Mobiles (GSM) network as defined by the European Telecommunications Standard Institute (ETSI). GSM now has the support of 80 operators in over 40 countries including countries outside of Europe. GSM is a TDMA standard, with 8 users per channel. The speech is taken in 20 msec windows, which are sampled, processed, and compressed.
GSM is transmitted on a 900 MHz carrier. There is an alternative system operating at 1.8 GHz (DCS 1800), providing additional capacity, and is often viewed as more of a personal communication system (PCS) than a cellular system. In a similar way, the U.S. has also implemented DCS-1900, another GSM system operating on the different carrier of 1.9 GHz.
Personal Digital Cellular (PDC) is the Japanese standard, previously known as JDC (Japanese Digital Cellular). A TDMA standard similar to the U.S. IS-54 protocol, PDC is not in use anywhere else in the world.
The GSM network utilizes a user identification module (UIM) which is a credit card size card which is owned by a subscriber, who slides the UIM into any GSM handset to transform it into xe2x80x9ctheirxe2x80x9d phone. It will ring when their unique phone number is dialed, calls made will be billed to their account; all options and services connect; voice mail can be connected and so on. People with different UIMs can share one xe2x80x9cphysicalxe2x80x9d handset, turning it into several xe2x80x9cvirtualxe2x80x9d handsets, one per UIM.
Similar to the U.S. systems, the GSM network also permits xe2x80x9croamingxe2x80x9d, by which different network operators agree to recognize (and accept) subscribers from other networks, as phones (or UIMs) move. So, British subscribers can drive through France or Germany, and use their GSM phone to make and receive calls (on their same UK number), with as much ease as an American businessman can use a phone in Boston, Miami, or Seattle, within any one of the U.S. systems.
Regardless of the telephone communication system, when a subscriber places a call, his or her telephone indicates to the service provider the identity of the caller for billing purposes. The service provider must then xe2x80x9cauthenticatexe2x80x9d the identity of the caller in order to ensure that he or she is an authorized user.
The GSM authentication scheme is illustrated in prior art FIGS. 1 and 2. This authentication scheme includes a home location register (HLR) 10, a visiting location register (VLR) 20, and a mobile terminal (MT) 30, which includes a UIM 32. When the mobile terminal 30 places a call, a request is sent to the home location register 10, which generates an authentication triplet (RAND, SRES, Kc) from a root key Ki. The triplet includes a random number RAND, a signed response SRES, and a session key Kc. The triplet is provided to the visiting location register 20, which passes the random number RAND to the mobile terminal 30. The UIM 32 receives the random number RAND, and utilizing the root key Ki, the random number RAND, and an algorithm A3, calculates a signed response SRES. The UIM 32 also utilizes the root key Ki and the random number RAND, and an algorithm A8 to calculate the session key Kc.
The SRES, calculated by the UIM 32, is returned to the visiting location register 20, which compares this value from the SRES received from the home location register 10, in order to authenticate the subscriber using the mobile terminal 30.
In the GSM xe2x80x9cchallenge/responsexe2x80x9d authentication system, the visiting location register 20 never receives the root key Ki being held by the UIM 32 and the home location register 10. The VLR 20 also does not need to know the authentication algorithms used by the HLR 10 and UIM 32. Also, in the GSM authentication scheme, the triplet must be sent for every phone call by the home location register 10. RAND is 128 bits, SRES is 32 bits, and Kc is 64 bits, which is 224 bits of data for each request, which is a significant data load.
The IS-41 authentication scheme, used in U.S. TDMA, CDMA and AMPS systems, is illustrated in prior art FIGS. 3(a), 3(b) and 4. This authentication scheme involves a home location register (HLR) 40, a visiting location register (VLR) 50, and a mobile terminal (MT) 60, which includes a UIM 62. The root key, known as the A_key, is stored only in the HLR 40 and the UIM 62. There is a secondary key, known as Shared Secret Data SSD, which is sent to the VLR 50 during roaming. SSD is generated from the A_key and a random seed RANDSSD using a cryptographic algorithm, as illustrated in FIG. 3(a). In the IS-41 network, this algorithm is CAVE (Cellular Authentication and Voice Encryption). When the MT 60 roams to a visiting network, the VLR 50 sends an authentication request to the HLR 40, which responds by sending that subscriber""s SSD.
Once the VLR 50 has the SSD, it can authenticate the MT 30 independently of the HLR 40, as illustrated in FIG. 3(b). The VLR 50 sends a random number RAND to the UIM 62 via the MT 60, and the UIM 62 calculates the authentication response (AUTHR) using RAND and the stored value of SSD in UIM 62. AUTHR is returned to the VLR 50, which checks it against the value of AUTHR that it has independently calculated in the same manner. If the two AUTHR values match, the MT 60 is declared valid.
This scheme is efficient in two ways. One, the amount of data passed over the long-distance signaling link between the HLR 40 and the VLR 50 is very small (the 128-bit SSD), and one such transfer is sufficient for the entire registration period. Two, the VLR 50 may authenticate the user before assigning a traffic channel which is possible because RAND can be generated locally and need not be generated by the HLR 40.
To generate encryption session keys, the internal state of the CAVE algorithm is preserved after the authentication calculation. Several levels of encryption keys are then calculated using the post-authentication state of CAVE and the current value of SSD, as illustrated in FIG. 4.
The goal of the International Mobile Telecommunicationsxe2x80x942000 (IMT-2000) standards development effort is to provide a global telecommunications system which will support a phone subscription anywhere in the world and will also permit a subscriber to xe2x80x9croam globallyxe2x80x9d. In order to realize this system, interfaces must be provided between the various systems (GSM, IS-41, PDC, etc.) which permit subscribers from different systems to xe2x80x9croamxe2x80x9d into other systems. Currently such xe2x80x9cglobalxe2x80x9d roaming is unavailable. The International Telecommunication Union (ITU) is working to develop standards which allow global roaming which will be accomplished with a standardized network-to-network interface (NNI) and UIM-MT interface, which must be capable of passing messages which permit proper authentication of the identity of each caller.
Several types of global roaming are permitted including: removable UIMs, multi-mode terminals (terminals that can communicate with more than one air interface standard), and downloadable UIMs (terminals which receive service profile information over the air). All three roaming scenarios are equivalent for the purposes of the present invention. What matters is that a UIM from one network is visiting a network with a different authentication scheme, and the UIM must be authenticated using the security architecture of the local network.
The present invention addresses the authentication problem by providing an authentication interoperability function (AIF) that permits the authentication of users as they roam between networks that use different authentication schemes. More specifically, interoperability is possible if one network uses stored authentication triplets and a second network uses shared secondary keys, also known as shared secret data (SSD).
An authentication interoperability function (AIF) translates between the authentication schemes of each family of communication networks (IS-41, GSM, PDC) The AIF may be located at the HLR (Home Location Register) or AC (Authentication Center) of the home network, the VLR (Visited Location Register) of the visited network, or as a stand-alone interworking function (IWF) located elsewhere in the network.
When a user from a network that natively uses SSD authentication roams into a triplet-based network, the AIF will produce triplets from the current SSD. When a triplet user roams into an SSD network, the AIF will produce SSD from triplet(s).
The AIF of the present application preserves the current authentication architecture in each communication network family (GSM, IS-41, PDC), concentrates the changes which make the two communication networks compatible to the AIF, the Network-to-Network Interface (NNI), and the User Identity Module (UIM), and preserves the current level of security in each system.