Over-the-air activation ("OTA") refers to a procedure that allows a prospective subscriber of a new wireless service to gain authorized access to the service through the wireless system itself. The alternative to OTA is often much more time-consuming, such as gaining access to a new system through an authorized dealer.
OTA requires the exchange of billing-related information between the prospective customer and the authentication center of the wireless system. This information, of course, is private and sensitive. Should it be intercepted during the exchange, it may be used to fraudulently gain access to another wireless system. Accordingly, OTA procedures require that such billing-related information be exchanged over a protected wireless channel.
For many wireless systems, such as those characterized as CDMA cellular systems, the generation of valid privacy masks (such as voice privacy and message encryption on the traffic channel) may only be accomplished at the time of call setup (e.g., during call origination or termination). For OTA, however, the authentication parameters are not valid for the first activation call setup, so privacy masks cannot be generated during the first call.
To accommodate this limitation in a cellular setting, for example, the task may be accomplished through a "Re-Origination" procedure. The Re-Originate message causes the mobile to release the initial service call and then to automatically call back the activation center of the wireless system. For the subsequent call, an "authentication" procedure is initiated by the system, using shared secret data ("SSD") known only to the system and the mobile station (as well as other data). If the output of the procedure generated and transmitted by the base station matches the result of the same procedure performed internally by the system, then the identity of the mobile station used by the caller is authenticated, and the proper masks are generated by the system. Sensitive data may then be transmitted.
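The two-call flow described above can be modeled as follows. This is an added example, not code from the original text: HMAC-SHA256 stands in for the authentication and mask-generation procedures, which the text does not name, and `provision_ssd`, the class names, and the sample identity are hypothetical.

```python
import hashlib
import hmac
import os

def auth_output(ssd: bytes, challenge: bytes, identity: bytes) -> bytes:
    # Stand-in for the authentication procedure (assumption: HMAC-SHA256).
    return hmac.new(ssd, b"auth" + challenge + identity, hashlib.sha256).digest()

def privacy_mask(ssd: bytes, challenge: bytes) -> bytes:
    # Stand-in mask derivation; only reached after a successful match.
    return hmac.new(ssd, b"mask" + challenge, hashlib.sha256).digest()

class Mobile:
    def __init__(self, identity: bytes):
        self.identity, self.ssd = identity, None  # unactivated: no valid SSD

    def answer(self, challenge: bytes) -> bytes:
        return auth_output(self.ssd, challenge, self.identity)

class System:
    def __init__(self):
        self.ssd_by_identity = {}

    def provision_ssd(self, mobile: Mobile) -> None:
        # Hypothetical step: the text does not say how SSD is established.
        mobile.ssd = self.ssd_by_identity[mobile.identity] = os.urandom(16)

    def call_setup(self, mobile: Mobile):
        """Return a privacy mask, or None if authentication cannot succeed."""
        ssd = self.ssd_by_identity.get(mobile.identity)
        if ssd is None or mobile.ssd is None:
            return None  # first activation call: parameters not valid
        challenge = os.urandom(4)
        expected = auth_output(ssd, challenge, mobile.identity)
        if not hmac.compare_digest(expected, mobile.answer(challenge)):
            return None  # mismatch: identity not authenticated, no mask
        return privacy_mask(ssd, challenge)

def send_sensitive(mask, data: bytes) -> bytes:
    if mask is None:
        raise PermissionError("no privacy mask: refuse to send billing data")
    if len(data) > len(mask):
        raise ValueError("constructed example masks at most 32 bytes")
    return bytes(d ^ m for d, m in zip(data, mask))

def activate(system: System, mobile: Mobile, billing: bytes):
    """Run the two-call flow; return (first_mask, protected_billing)."""
    first_mask = system.call_setup(mobile)  # initial service call
    system.provision_ssd(mobile)            # hypothetical provisioning
    mask = system.call_setup(mobile)        # call placed after Re-Originate
    return first_mask, send_sensitive(mask, billing)
```

The point to observe is the gate in `send_sensitive`: billing data is refused on the first call, where no mask exists, and on any later call where the authentication outputs do not match.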