HRPD network access authentication method based on CAVE algorithm
Abstract
A HRPD network access authentication method based on CAVE algorithm is provided. An AT (Access Terminal) generates a random number “RAND” necessary for a calculation of an AUTH1 by using a “Random text” included in the CHAP Challenge message. A UIM (User Identity Module) card works out the AUTH1 by using the random number “RAND” and an SSD_A (Shared Secret Data A) in the UIM card. The AT carries the AUTH1 in a Result field of the CHAP Response message. An AN-AAA (Access Network-Authentication, Authorization, and Accounting) generates the random number “RAND” necessary for the calculation of an AUTH2 by using a “Random text” included in a Radius Access Request message. The AN-AAA works out the AUTH2 by using the random number “RAND”. The two results AUTH1 and AUTH2 are compared. If the results are the same, the authentication on the AT passes. Otherwise, AT access is rejected.
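The exchange described in the abstract, written out as an added example that is not code from the patent. Assumptions: CAVE is replaced by an HMAC-SHA256 stand-in cut to 18 bits, RAND is taken as the first 4 octets of the "Random text" (the abstract does not say how it is derived), and the dictionary field names, the AT identity and the SSD_A value are constructed for illustration.

```python
import hashlib
import hmac
import os

AT_ID = "at-0001@example.invalid"                 # constructed identity
SSD_DB = {AT_ID: bytes.fromhex("0123456789abcdef")}  # constructed SSD_A store

def derive_rand(random_text: bytes) -> bytes:
    """Assumption: RAND is the first 4 octets of the CHAP "Random text"."""
    if len(random_text) < 4:
        raise ValueError("Random text too short to derive RAND")
    return random_text[:4]

def cave_stand_in(ssd_a: bytes, rand: bytes) -> bytes:
    """Stand-in for CAVE (HMAC-SHA256 cut to 18 bits); NOT the real algorithm."""
    mac = hmac.new(ssd_a, rand, hashlib.sha256).digest()
    return (int.from_bytes(mac[:3], "big") >> 6).to_bytes(3, "big")

def at_chap_response(challenge: dict, uim_ssd_a: bytes, at_id: str) -> dict:
    """AT side: derive RAND, let the UIM card compute AUTH1, fill the Result field."""
    auth1 = cave_stand_in(uim_ssd_a, derive_rand(challenge["random_text"]))
    return {"id": challenge["id"], "name": at_id, "result": auth1}

def an_access_request(challenge: dict, response: dict) -> dict:
    """AN side: relay the Random text it issued together with the AT's response."""
    return {"random_text": challenge["random_text"],
            "name": response["name"], "result": response["result"]}

def an_aaa_verify(request: dict, ssd_db: dict) -> bool:
    """AN-AAA side: recompute AUTH2 from the relayed Random text, compare with AUTH1."""
    ssd_a = ssd_db.get(request["name"])
    if ssd_a is None:
        return False  # unknown AT identity: reject access
    auth2 = cave_stand_in(ssd_a, derive_rand(request["random_text"]))
    return hmac.compare_digest(auth2, request["result"])  # constant-time compare

def run_exchange(uim_ssd_a: bytes, at_id: str = AT_ID) -> bool:
    """One full round: fresh challenge -> CHAP Response -> Radius Access Request."""
    challenge = {"id": 1, "random_text": os.urandom(16)}
    response = at_chap_response(challenge, uim_ssd_a, at_id)
    return an_aaa_verify(an_access_request(challenge, response), ssd_db=SSD_DB)

if __name__ == "__main__":
    print("matching SSD_A:", run_exchange(SSD_DB[AT_ID]))
    print("wrong SSD_A:   ", run_exchange(bytes.fromhex("fedcba9876543210")))
```

The AN-AAA derives RAND from the Random text relayed by the access network, not from anything the AT supplies, so the result only matches when the card holds the same SSD_A.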
13 Claims
1. A method for operating during an authentication in an AT (Access Terminal) having a Removable User Identity Module (R-UIM) card using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising the steps of:
- extracting, by the AT, a RANDom number (RAND) from a CHAP (Challenge Handshake Authentication Protocol) challenge message from a High Rate Packet Data (HRPD) system;
- instructing, by the AT, the R-UIM card to use the CAVE algorithm to calculate an authentication parameter using the RAND; and
- transmitting, by the AT, to the HRPD system, the authentication parameter and an identification of the AT in a CHAP response message, in response to the CHAP challenge message,
- wherein the R-UIM card is used for authenticating the AT in Code Division Multiple Access (CDMA) 2000 1x and HRPD systems, and
- wherein the AT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and HRPD systems for packet data services.

6. A method for operating during an authentication in an Access Terminal (AT) having a Removable User Identity Module (R-UIM) using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising the steps of:
- determining, by an Access Network-Authentication Authorization and Accounting (AN-AAA) server in a High Rate Packet Data (HRPD) system, whether the AT performs the authentication using the CAVE algorithm;
- determining, by the AN-AAA server, a RANDom number (RAND) used by the AT if the AT uses the CAVE algorithm;
- verifying, by the AN-AAA server, an AUTH1 sent by the AT and determining the authentication for the AT; and
- transmitting, by the AN-AAA server, to an access network, the determined authentication for the AT,
- wherein the R-UIM is used for authenticating the AT in Code Division Multiple Access (CDMA) 2000 1x and HRPD systems,
- wherein the AT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and the HRPD systems for packet data services, and
- wherein determining the authentication for the AT comprises comparing, by the AN-AAA server, the AUTH1 and an AUTH2 calculated using the RAND and authenticating, by the AN-AAA server, for the AT, if the AUTH2 is identical with the AUTH1.

12. A system for authenticating by using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising:
- a Hybrid Access Terminal (HAT) having a Removable User Identity Module (R-UIM) card, for extracting a RANDom number (RAND) included in a Challenge Handshake Authentication Protocol (CHAP) challenge message from a High Rate Packet Data (HRPD) system, instructing the R-UIM card to use the CAVE algorithm to calculate an authentication parameter using the RAND, and transmitting to the HRPD system, the authentication parameter and an identification of the HAT in a CHAP response message in response to the CHAP Challenge message,
- wherein the R-UIM card is used for authenticating the HAT in Code Division Multiple Access (CDMA) 2000 1x and HRPD (High Rate Packet Data) systems, and
- wherein the HAT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and the HRPD systems for packet data services.

13. A system for performing an authentication in an Access Terminal (AT) having a Removable User Identity Module (R-UIM) using a Cellular Authentication Voice Encryption (CAVE) algorithm, comprising:
- an Access Network-Authentication Authorization and Accounting (AN-AAA) server in a High Rate Packet Data (HRPD) system for determining whether the AT performs the authentication using the CAVE algorithm, determining a RANDom number (RAND) used by the AT if the AT uses the CAVE algorithm, verifying an AUTH1 sent by the AT and determining the authentication for the AT,
- wherein the R-UIM card is used for authenticating the AT in Code Division Multiple Access (CDMA) 2000 1x and HRPD systems,
- wherein the AT is a dual-mode access terminal capable of accessing both the CDMA 2000 1x and the HRPD systems for packet data services, and
- wherein determining the authentication for the AT comprises comparing, by the AN-AAA server, the AUTH1 and an AUTH2 calculated using the RAND and authenticating, by the AN-AAA server, for the AT, if the AUTH2 is identical with the AUTH1.

Specification