Method of implementing authentication of high-rate packet data services

US 7,515,906 B2
Filed: 11/15/2005
Issued: 04/07/2009
Est. Priority Date: 05/16/2003
Status: Active Grant

First Claim

Patent Images

1. A method for implementing authentication of high-rate packet data (HRPD) services, the method comprising the steps of:

(A) taking, by way of an Access Terminal (AT), user information in a User Identity Module (UIM) as a user identifier and starting an authentication of extended authentication protocol (EAP);

(B) obtaining, by way of a Mobile Switching Center/Visiting Location Register (MSC/VLR), a random number and a first authentication number corresponding to the random number based on the user identifier, wherein said first authentication number is calculated with Shared Secret Data (SSD) stored at a network side and said random number; and

,(C) calculating, by way of the AT, a second authentication number based on said random number and SSD stored in AT, judging, by way of the MSC/VLR, by comparing whether the first authentication number and the second authentication number are consistent, such that, if yes, the authentication succeeds, and otherwise, the authentication fails.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method for implementing authentication of high rate packet data (HRPD) services, applicable to multi-mode networks including IS95/CDMA2000 1x and CDMA2000 HRPD networks. The method includes an Access Terminal (AT) using the user information in the User Identity Module (UIM) as the user identifier and starting an authentication in accordance with the Extended Authentication Protocol (EAP). A Mobile Switching Center (MSC)/Visiting Location Register (VLR) obtains a random number and a first authentication number based on the user identifier, and the AT calculates a second authentication number based on said random number. The MSC/VLR compares the first authentication number with the second authentication number to determine whether they are consistent. If consistent, the authentication is successful. Otherwise, the authentication is aborted. With the disclosed method, authentication can be made by using the original MSC and HLR/AC in the CDMA IS95 or CDMA2000 1x network. The method allows low cost and easy operation for the user as well as convenient maintenance for the operator.

17 Citations

View as Search Results

20 Claims

1. A method for implementing authentication of high-rate packet data (HRPD) services, the method comprising the steps of:
- (A) taking, by way of an Access Terminal (AT), user information in a User Identity Module (UIM) as a user identifier and starting an authentication of extended authentication protocol (EAP);
  
  (B) obtaining, by way of a Mobile Switching Center/Visiting Location Register (MSC/VLR), a random number and a first authentication number corresponding to the random number based on the user identifier, wherein said first authentication number is calculated with Shared Secret Data (SSD) stored at a network side and said random number; and
  
  ,(C) calculating, by way of the AT, a second authentication number based on said random number and SSD stored in AT, judging, by way of the MSC/VLR, by comparing whether the first authentication number and the second authentication number are consistent, such that, if yes, the authentication succeeds, and otherwise, the authentication fails.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, after the authentication succeeds, further comprising the step of (D) judging, by way of the MSC/VLR, whether the user has subscribed to HRPD service, and if yes, returning, by way of the MSC/VLR, Service Accept to the AT via an Access Network (AN), and otherwise, returning Service Reject to the AT via the AN.
  - 3. A method according to claim 2, wherein said judging whether the user has subscribed to the HRPD service in step(D) comprises judging through the user identifier whether the user has subscribed to the HRPD service.
  - 4. A method according to claim 1, further comprising, after the authentication fails, notifying, by way of the MSC/VLR, a Home Location Register (HLR) that the authentication failed, and re-calculating SSD and updating SSDs, by way of the HLR, at a terminal and network sides.
  - 5. A method according to claim 1, wherein step (A) further comprising the steps of:
    - (A1) after receiving the request from an AN for the user identifier, obtaining, by way of the AT, the user identifier from the UIM and sending the user identifier to the AN; and
      
      ,(A2) after receiving the user identifier, sending, by way of the AN, the user identifier to MSC.
  - 6. A method according to claim 5, wherein, in step (A1), requesting by way of the AN, the user identifier from the AT through a PPP/EAP-Request/Identity message, and sending, by way of the AT, the user identifier to the AN through a PPP/EAP-Response/Identity message;
    - in step (A2), sending, by way of the AN, the user identifier to the MSC/VLR through a CM Service Request message.
  - 7. A method according to claim 6, wherein step (B) further comprising the steps of:
    - (B1) after receiving the CM Service Request message, sending, by way of the MSC/VLR, to an Home Location Register (HLR) an authentication request, AUTHREQ, based on the user identifier contained in the CM Service Request message;
      
      (B2) after receiving the AUTHREQ, initiating, by way of the HLR, to the MSC/VLR a response, authreq, which includes the random number and the first authentication number;
      
      (B3) after receiving the authreq, the sending, by way of the MSC/VLR, to the AN a unique inquiry Authentication Request message, wherein the authreq includes said random number; and
      
      (B4) after receiving the Authentication Request message, converting, by way of the AN, this message into a message of EAP-UIM protocol and sending the converted message to the AT through a PPP/EAP-Request/UIM/Challenge message.
  - 8. A method according to claim 1, wherein step (C) further comprising the steps of:
    - (C1) sending, by way of the AT, the calculated second authentication number to AN through a PPP/EAP-Response/UIM/Challenge message of EAP-UIM protocol; and
      
      (C2) after receiving the message, sending, byway of the AN, the second authentication number to the MSC/VLR through a unique inquiry Authentication Response message.
  - 9. A method according to claim 1, wherein, in step (B), obtaining, by way of the MSC/VLR, a random number and a first authentication number from an Home Location Register (HLR) according to the user identifier.
  - 10. A method according to claim 1, wherein, in step (B), obtaining, by way of the MSC/VLR, said random number and first authentication number from VLR according to the user identifier.

11. A method for implementing authentication of high-rate packet data (HRPD) services, the method comprising the steps of:
- (A) receiving, by way of a Mobile Switching Center/Visiting Location Register (MSC/VLR), a user identifier from an Access Terminal (AT)which takes user information in a User Identity Module (UIM) as the user identifier and starts an authentication of extended authentication protocol (EAP);
  
  (B) obtaining, by way of the MSC/VLR, a random number and a first authentication number corresponding to the random number based on the user identifier, wherein said first authentication number is calculated with Shared Secret Data (SSD) stored at a network side and said random number; and
  
  ,(C) judging, by way of the MSC/VLR after receiving a second authentication number calculated by the AT based on said random number and SSD stored in the AT, by comparing whether the first authentication number and the second authentication number are consistent, such that, if yes, the authentication succeeds, and otherwise, the authentication fails.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. A method according to claim 11, after the authentication succeeds, further comprising the step of (D) judging, by way of the MSC/VLR, whether the user has subscribed to HRPD service, and if yes, returning, by way of the MSC/VLR, Service Accept to the AT via an Access Network (AN), and otherwise, returning Service Reject to the AT via the AN.
  - 13. A method according to claim 12, wherein said judging whether the user has subscribed to the HRPD service in step(D) comprises judging through the user identifier whether the user has subscribed to the HRPD service.
  - 14. A method according to claim 11, further comprising, after the authentication fails, notifying, by way of the MSC/VLR, a Home Location Register (HLR) that the authentication failed, andre-calculating SSD and updating SSDs, by way of the HLR, at a terminal and network sides.
  - 15. A method according to claim 11, wherein step (A) further comprising the steps of:
    - (A1) after receiving the request from an AN for the user identifier, obtaining, by way of the AT, the user identifier from the UIM and sending the user identifier to the AN; and
      
      ,(A2) after receiving the user identifier, sending, by way of the AN, the user identifier to MSC.
  - 16. A method according to claim 15, wherein step (B) further comprising the steps of:
    - (B1) after receiving the CM Service Request message, sending, by way of the MSC/VLR, to an Home Location Register (HLR) an authentication request, AUTHREQ, based on the user identifier contained in the CM Service Request message;
      
      (B2) after receiving the AUTHREQ, initiating, by way of the HLR, to the MSC/VLR a response, authreq, which includes the random number and the first authentication number;
      
      (B3) after receiving the authreq, sending, by way of the MSC/VLR, to the AN a unique inquiry Authentication Request message, wherein the authreq includes said random number; and
      
      (B4) after receiving the Authentication Request message, converting, by way of the AN, this message into a message of EAP-UIM protocol and sending the converted message to the AT through a PPP/EAP-Request/UIM/Challenge message.
  - 17. A method according to claim 11, wherein, in step (B), obtaining, by way of the MSC/VLR, a random number and a first authentication number from an Home Location Register (HLR) according to the user identifier.
  - 18. A method according to claim 11, wherein, in step (B), obtaining, by way of the MSC/VLR, said random number and first authentication number from VLR according to the user identifier.

19. A Mobile Switching Center/Visiting Location Register (MSC/VLR) for implementing authentication of high-rate packet data (HRPD) services, configured to implement the method comprising:
- receiving, by way of a Mobile Switching Center/Visiting Location Register (MSC/VLR), user information in a User Identity Module (UIM) from an Access Terminal (AT) as a user identifier and starting the authentication of extended authentication protocol (EAP);
  
  obtaining, by way of the MSC/VLR, a random number and a first authentication number corresponding to the random number based on the user identifier, wherein said first authentication number is calculated with Shared Secret Data (SSD) stored at a network side and said random number; and
  
  judging, by way of the MSC/VLR after receiving a second authentication number calculated by the AT based on said random number and SSD stored in the AT, by comparing whether the first authentication number and the second authentication number are consistent, such that, if yes, the authentication succeeds, and otherwise, the authentication fails.
- View Dependent Claims (20)
- - 20. A MSC/VLR according to claim 19, further comprising:
    - judging, by way of the MSC/VLR, whether the user has subscribed to HRPD service, and if yes, returning Service Accept to the AT via an Access Network (AN), and otherwise, returning Service Reject to the AT via the AN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Li, Zhuo, Gao, Jianghai, Li, Wenxian, Guo, Shikui, Zou, Fengshao
Primary Examiner(s)
Patel; Ajit

Application Number

US11/273,886
Publication Number

US 20060121895A1
Time in Patent Office

1,239 Days
Field of Search

None
US Class Current

455/433
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/162   at the data link layer

H04W 12/06   Authentication

H04W 12/72   Subscriber identity

Method of implementing authentication of high-rate packet data services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method of implementing authentication of high-rate packet data services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links