Method of implementing authentication of high-rate packet data services

US 20060121895A1
Filed: 11/15/2005
Published: 06/08/2006
Est. Priority Date: 05/16/2003
Status: Active Grant

First Claim

Patent Images

1. A method for implementing authentication of high-rate packet data (HRPD) services, the method comprising the steps of:

(A) an Access Terminal (AT) taking user information in a User Identity Module (UIM) as a user identifier and starting the authentication of extended authentication protocol (EAP);

(B) a Mobile Switching Center/Visiting Location Register (MSC/VLR) obtaining a random number and a first authentication number corresponding to the random number based on the user identifier, wherein said first authentication number is calculated with Shared Secret Data (SSD) stored at a network side and said random number; and

, (C) the AT calculating a second authentication number based on said random number and SSD stored in the AT, the MSC/VLR judging by comparison whether the first authentication number and the second authentication number are consistent, such that, if yes, the authentication succeeds, and otherwise, the authentication fails.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method for implementing authentication of high rate packet data (HRPD) services, applicable to multi-mode networks including IS95/CDMA2000 1x and CDMA2000 HRPD networks. The method includes an Access Terminal (AT) using the user information in the User Identity Module (UIM) as the user identifier and starting an authentication in accordance with the Extended Authentication Protocol (EAP). A Mobile Switching Center (MSC)/Visiting Location Register (VLR) obtains a random number and a first authentication number based on the user identifier, and the AT calculates a second authentication number based on said random number. The MSC/VLR compares the first authentication number with the second authentication number to determine whether they are consistent. If consistent, the authentication is successful. Otherwise, the authentication is aborted. With the disclosed method, authentication can be made by using the original MSC and HLR/AC in the CDMA IS95 or CDMA2000 1x network. The method allows low cost and easy operation for the user as well as convenient maintenance for the operator.

Citations

10 Claims

1. A method for implementing authentication of high-rate packet data (HRPD) services, the method comprising the steps of:
- (A) an Access Terminal (AT) taking user information in a User Identity Module (UIM) as a user identifier and starting the authentication of extended authentication protocol (EAP);
  
  (B) a Mobile Switching Center/Visiting Location Register (MSC/VLR) obtaining a random number and a first authentication number corresponding to the random number based on the user identifier, wherein said first authentication number is calculated with Shared Secret Data (SSD) stored at a network side and said random number; and
  
  , (C) the AT calculating a second authentication number based on said random number and SSD stored in the AT, the MSC/VLR judging by comparison whether the first authentication number and the second authentication number are consistent, such that, if yes, the authentication succeeds, and otherwise, the authentication fails.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, after the authentication succeeds, further comprising the step of (D) the MSC/VLR judging whether a user has subscribed to HRPD service, and if yes, MSC returning Service Accept to the AT via an Access Network (AN), and otherwise, returning Service Reject to AT via AN.
  - 3. A method according to claim 2, wherein said judging whether the user has subscribed to HRPD service in step (D) comprises judging through the user identifier whether the user has subscribed to HRPD service.
  - 4. A method according to claim 1, further comprising, after the authentication fails, MSC notifying a Home Location Register (HLR) that the authentication failed, and the HLR re-calculating SSD and updating SSDs at a terminal side and the network side.
  - 5. A method according to claim 1, wherein step (A) further comprises the steps of:
    - (A1) after receiving the request from AN for the user identifier, the AT obtaining the user identifier from the UIM and sending the user identifier to the AN; and
      
      , (A2) after receiving the user identifier, the AN sending the user identifier to MSC.
  - 6. A method according to claim 5, wherein, in step (A1), the AN requests the user identifier from the AT through a PPP/EAP-Request/Identity message, and the AT sends the user identifier to the AN through a PPP/EAP-Response/Identity message, and wherein, in step A2, the AN sends the user identifier to the MSC/VLR through a CM Service Request message.
  - 7. A method according to claim 6, wherein step (B) further comprises the steps of:
    - (B1) after receiving the CM Service Request message, the MSC/VLR sending to an Home Location Register (HLR) an authentication request, AUTHREQ, based on the user identifier contained in the CM Service Request message;
      
      (B2) after receiving the AUTHREQ, the HLR initiating to the MSC/VLR a response, authreq, which includes the random number and the first authentication number;
      
      (B3) after receiving the authreq, the MSC/VLR sending to the AN a unique inquiry Authentication Request message, wherein the authreq includes said random number; and
      
      , (B4) after receiving the Authentication Request message, the AN converting this message into a message of EAP-UIM protocol and sending the converted message to the AT through a PPP/EAP-Request/UIM/Challenge message.
  - 8. A method according to claim 1, wherein step (C) further comprises the steps of:
    - (C1) the AT sending the calculated second authentication number to AN through a PPP/EAP-Response/UIM/Challenge message of EAP-UIM protocol; and
      
      , (C2) after receiving the message, the AN sending the second authentication number to MSC through a unique inquiry Authentication Response message.
  - 9. A method according to claim 1, wherein, in step (B), MSC obtains a random number and a first authentication number from an Home Location Register (HLR) according to the user identifier.
  - 10. A method in claim 1, wherein, in step (B), MSC obtains said random number and first authentication number from VLR according to the user identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Guo, Shikui, Li, Zhuo, Zou, Fengshao, Gao, Jianghai, Li, Wenxian

Granted Patent

US 7,515,906 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/433
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/162   at the data link layer

H04W 12/06   Authentication

H04W 12/72   Subscriber identity

Method of implementing authentication of high-rate packet data services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Method of implementing authentication of high-rate packet data services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links