1. Field of the Invention
The present invention relates to the Code Division Multiple Access 2000 (hereinafter referred to as cdma2000) and High Rate Packet Data (hereinafter referred to as HRPD) dual-mode terminals, especially to a method and device for authenticating mobile station with Removable User Identity Module (hereinafter referred to as R-UIM) by using Cellular Authentication and Voice Encryption (hereinafter referred to as CAVE) algorithm.
2. Description of the Related Art
The cdma2000 network has been widely applied commercially all over the world. In this kind of network, a Challenge Handshake Authentication Protocol (hereinafter referred to as CHAP) based on the CAVE algorithm has been adopted to verify the legitimacy of the access terminals. This authentication system has perfect methods on illegal attack-protecting. A Mobile Station's (hereinafter referred to as MS) privacy key (A-key) and the CAVE algorithm are stored in the MS and the cdma2000 network's Authentication Centre (hereinafter referred to as AuC) respectively. The authentication process mainly includes such two procedures as the update of Shared Secret Data (SSD) and the implementation of authentication. Part A of the Shared Secret Data (SSD_A) is used for access authentication. According to specific conditions, the network sends a message including a segment of random values to the MS and the AuC respectively to update the SSD_A data. After this message is received by the MS and the AuC respectively, the included random values, the A-key and other parameters are together input into the “SSD_GENEREATION PROCEDURE” to generate an SSD_A through calculation. After confirming the correctness, the old SSD_A is replaced with the new one which will be used as the key for the access authentication. When an authentication is needed to be done on a terminal, the network sends an authentication request message to the MS and the AuC, including a segment of random values. After this message is received by the MS and the AuC respectively, the authentication results are calculated in the MS and the AuC by the random values included in the message, the SSD_A and other parameters according to the CAVE algorithm. The MS sends the authentication result to the AuC. By comparing the differences between the authentication results, the MS can be authenticated to be valid or not. In cdma 2000 network's practice, the A-key can be stored in two modes. One is that it is stored in the MS, and the corresponding CAVE algorithm is also implemented in the MS and in this case, the MS has no an R-UIM. The other is that the A-key is stored in an R-UIM, and the corresponding CAVE algorithm is also implemented in the R-UIM card. In this case, the MS is called a MS has an R-UIM. High Rate Packet Data (hereinafter referred to as HRPD) network is an upgrade of cdma2000 network and has been gradually adopted in commercial application all over the world. As prescribed in the corresponding standard of the 3G Partnership Project 2 (hereinafter referred to as 3GPP2), if the access authentication is adopted by the HRPD network, the authentication mode should also be the CHAP authentication, but no detailed encryption algorithm is specified explicitly, which can be specified by the particular operator. Both HRPD network and the cdma2000 network are independent of each other, and no information exchanges between them. The subscribers can share the services through the dual-mode terminals that support both the cdma2000 network and the HRPD network, and this category of subscriber is the main cluster of HRPD network subscribers. In the following sections, except specifically pointed out, the dual-mode terminals refer to the cdma2000/HRPD ones.
At present, the operations carried out by the R-UIM card mainly includes SSD management, authentication calculation and so on. The SSD is used for the calculations of all authentication and the generation of the subsequent privacy keys. The SSD is derived from the “A-key” in the R-UIM card. When the network sends an UPDATE SSD command (which contains a RANDSSD parameter), the SSD update process starts. The network that the relevant subscriber belongs to is the unique entity to update the subscriber's SSD, as shown in FIG. 3. When the network initiates an SSD update process to a certain subscriber, the subscriber's MS firstly stores a RANDSSD parameter and then generates a random values RANDSeed. The MS transfers the RANDSeed parameter to the R-UIM card and starts to perform the Base Station Challenge function. Then, the R-UIM card generates a RANDBS parameter. The relationship between the RANDBS and the RANDSeed is prescribed by the distributor of the R-UIM card. For instance, in the R-UIM card, the RANDBS can be set to equal to the RANDSeed. The RANDBS parameter can be derived by implementing the pseudorandom process to the RANDSeed, or generated individually without respect to the RANDSeed. A Base Station Challenge command cause the R-UIM card to transmit the RANDBS parameter to the MS and in turn to the network.
In succession, the MS sends the command including the RANDSSD parameter to the R-UIM card to implement the SSD update process, as shown in FIG. 4. Then, a SSD value and a RANDBS response value AUTHBS are calculated by the R-UIM card. Here, the choices of ESN and UIMID (identity of UIM) for the calculations have been determined in advance according to corresponding indications when the R-UIM is inserted into a terminal.
In the network side, the RANDSSD parameter is used to generate a new SSD value for the selected R-UIM card. After receiving the RANDBS parameter from the MS, the network calculates the AUTHBS with the new SSD, and then sends the AUTHBS to the MS. The MS regards the received AUTHBS as the parameter of the Confirm SSD command and sends it to the R-UIM card. The R-UIM card compares the received AUTHBS with that calculated by itself, and if they are just the same, the SSD update process succeeds, then the SSD will be stored in the R-UIM card's semi-permanent memory for after coming authentication calculations. If the two AUTHBS values are different, the R-UIM discards the new SSD but remains the original one, as shown in FIG. 5.
The authentication process is the process of a terminal's legitimacy verification. Its basic operations are illustrated in FIG. 6:
The AuC sends a Chap Challenge message to an MS, including a 32-bit long random values RAND. The MS takes the RAND and the SSD_A as the inputs of the CAVE algorithm to calculate an 18-bit long authentication parameter1, then the MS sends this parameter1 to the AuC by an Authentication Challenge Response message, and the AuC compares the authentication parameter1 with the parameter2 calculated by itself with the same method. If they are just the same, the authentication passes, otherwise, the MS is rejected to access the network.
(2) The message flow of the existing HRPD network on access authentication
The HRPD network's access authentication includes the following message flow (as shown in FIG. 7):
an access network (AN) sends the Chap Challenge message to an access terminal(AT), including the random values; 701
The access terminal receives the Chap Challenge message, and then calculates the authentication parameter 1 with the received Random values. In the figure, the encryption algorithm MD5 is taken as an example to make further explanations; 702
The terminal sends a Chap Response message to the AN, including information of AT's Network Access ID (NAI), random values, the authentication parameter 1 and so on; 703
After receiving the Chap Response message from the AT, the AN sends a Radius Access Request message to AN-AAA, including the three parameters included in the Chap Response message; 704
The AN-AAA regards the Random values and the local Password (AN-AAA Password and the AT's Password are just the same) as input value to calculate the authentication parameter 2 using the MD5 algorithm; 705
The AN-AAA compares the authentication parameter 1 with the authentication parameter 2; 706
If they are equal to, it sends a Radius Access Accept message to the AN, indicating that the authentication passes the; 707
If the authentication parameter 1 is not the same as the authentication parameter 2, the AN-AAA sends a Radius Access Reject message to the AN to reject the access of the terminal; 708
After receiving the Radius Access Accept message, the AN sends a Chap Success message to the terminal, indicating that the authentication process is successful; 709
And after receiving the Radius Access Reject message, the AN sends the Chap Failure message to AT, indicating that the authentication process failure. 710
In practice, the voice service is normally provided by means of the cdma2000 network and the high rate data service is normally provided by means of the HRPD network. Therefore, the dual-mode terminals that support not only the cdma2000 network but also the HRPD network will take up a sizable share. Because the cdma2000 network is generally established ahead of the HRPD network, some subscribers of the HRPD network are upgraded from that of the cdma2000 network.
The existing R-UIM cards only support the CAVE algorithm. For a cdma2000/HRPD dual-mode terminals has an R-UIM, the R-UIM card is the unique identifier of subscriber's legitimacy. Therefore, as the cdma2000 network has been launched into operation and holds a lot of subscribers, how to realize the HRDP network's access authentication by reusing the existing R-UIM cards' cdma2000/HRPD dual-mode terminal is a challenge to the HRPD network construction.