CN1297155C - Authentication method for user of global mobile communication system when roaming to CDMA network - Google Patents

Authentication method for user of global mobile communication system when roaming to CDMA network Download PDF

Info

Publication number
CN1297155C
CN1297155C CNB031412572A CN03141257A CN1297155C CN 1297155 C CN1297155 C CN 1297155C CN B031412572 A CNB031412572 A CN B031412572A CN 03141257 A CN03141257 A CN 03141257A CN 1297155 C CN1297155 C CN 1297155C
Authority
CN
China
Prior art keywords
rand
cdma
authentication
gsm
sres
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB031412572A
Other languages
Chinese (zh)
Other versions
CN1568037A (en
Inventor
邹锋哨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB031412572A priority Critical patent/CN1297155C/en
Publication of CN1568037A publication Critical patent/CN1568037A/en
Application granted granted Critical
Publication of CN1297155C publication Critical patent/CN1297155C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses an authentication method for roaming a code division multiple access (CDMA) network in a global system for mobile communication (GSM) for users. An intercommunication and interoperation functional entity (IIF) stores the identity cipher keys (Ki) of GSM user mobile stations (MS) needing to roam the CDMA network. CDMA authentication parameters and GSM authentication parameters are mutually converted through a certain algorithm for adaptation. The present invention utilizes CDMA authentication process and GSM authentication algorithm for authentication. The present invention authenticates the SIM cards of original GSM users when the present invention develops new service for GSM users to roam the CDMA network, avoids operators to send new user identification modules to the GSM users, does not need to modify the existing GSM network apparatuses and CDMA network apparatuses simultaneously, enhances service operability, and is simple and convenient to realize.

Description

全球移动通信系统用户漫游到码分多址网络的鉴权方法Authentication Method for Global System for Mobile Communications Users Roaming to Code Division Multiple Access Network

技术领域technical field

本发明涉及移动通信系统的鉴权技术,特别涉及一种全球移动通信系统(GSM)用户漫游到码分多址(CDMA)网络的鉴权方法。The invention relates to an authentication technology of a mobile communication system, in particular to an authentication method for a global system for mobile communication (GSM) user roaming to a code division multiple access (CDMA) network.

背景技术Background technique

在移动通信系统中,移动台要接入系统,首先要进行鉴权,通过鉴权的合法用户才能接入网络。In a mobile communication system, to access the system, a mobile station must first perform authentication, and only legitimate users who pass the authentication can access the network.

其中,GSM网络对GSM用户的鉴权,包括通用鉴权算法A3/A8以及对MS和网络唯一的参数身份密钥(Ki);当SIM卡生成时,将生成Ki并写在卡中;在HLR/AuC中对GSM用户开户时,需保存与SIM卡中保存相同的Ki;Ki不能通过空口传递。Among them, the GSM network authentication to GSM users includes the general authentication algorithm A3/A8 and the unique parameter identity key (Ki) to the MS and the network; when the SIM card is generated, Ki will be generated and written in the card; When opening an account for a GSM user in the HLR/AuC, it is necessary to save the same Ki as that saved in the SIM card; the Ki cannot be transmitted through the air interface.

网络侧通过以下步骤对MS进行鉴权:The network side authenticates the MS through the following steps:

1、HLR/AuC将生成随机数RAND,并根据Ki和RAND经过A3/A8算法计算出符号响应(SRES)和密钥C(Kc);1. HLR/AuC will generate random number RAND, and calculate symbol response (SRES) and key C (Kc) according to Ki and RAND through A3/A8 algorithm;

2、网络例通过鉴权请求消息,将随机数RAND发送给MS;2. The network example sends the random number RAND to the MS through the authentication request message;

3、MS收到RAND后,同样根据RAND和Ki经过A3/A8算法计算出SRES和Kc,并将SRES返回给网络侧,Kc不需要在空口传递;3. After MS receives RAND, it also calculates SRES and Kc through A3/A8 algorithm according to RAND and Ki, and returns SRES to the network side, and Kc does not need to be transmitted over the air interface;

SRES=A3(RAND,Ki);Kc=A8(RAND,Ki);SRES=A3(RAND, Ki); Kc=A8(RAND, Ki);

其中SRES为32位(bit),Kc为64位(bit),RAND为128位(bit),Ki为32位(bit)。Wherein SRES is 32 bits (bit), Kc is 64 bits (bit), RAND is 128 bits (bit), and Ki is 32 bits (bit).

4、网络侧收到MS发送的SRES后,将其与自身计算的SRES进行比较,相同则MS为合法用户,否则非法。4. After receiving the SRES sent by the MS, the network side compares it with the SRES calculated by itself. If they are the same, the MS is a legal user, otherwise, it is illegal.

另外,CDMA网络对CDMA用户鉴权的方法,包括一个通用的用户鉴权与语音加密算法(CAVE)以及对移动台(MS)和网络唯一的参数鉴权密钥(AKey);当R-UIM卡生成时,生成AKey并写在卡中;在HLR/AC中对CDMA用户开户时,需保存与R-UIM卡中保存相同的AKey;通过共享加密数据(SSD)更新流程,可根据AKey和鉴权随机数(RANDSSD)生成SSD,而SSD是CDMA鉴权最重要的参数之一,只能动态生成。AKey和SSD不能通过空口传递。In addition, the method for CDMA user authentication by the CDMA network includes a general user authentication and voice encryption algorithm (CAVE) and a unique parameter authentication key (AKey) for the mobile station (MS) and the network; when R-UIM When the card is generated, an AKey is generated and written in the card; when opening an account for a CDMA user in the HLR/AC, the same AKey as that saved in the R-UIM card needs to be saved; through the update process of the shared encrypted data (SSD), the AKey and Authentication random number (RANDSSD) generates SSD, and SSD is one of the most important parameters of CDMA authentication, which can only be generated dynamically. AKey and SSD cannot be passed over the air interface.

当用户第一次接入系统时,必须首先进行SSD更新,以保证HLR/AC与R-UIM卡中的SSD保持一致;否则,鉴权将无法成功;When the user accesses the system for the first time, the SSD must be updated first to ensure that the HLR/AC is consistent with the SSD in the R-UIM card; otherwise, the authentication will not succeed;

在SSD更新成功之后,用户再次接入系统时,网络需对用户进行鉴权;由于HLR/AC与R-UIM卡中的鉴权参数完全一致,经过同样的算法,应能计算出相同的结果;否则,表明该用户为非法用户。After the SSD update is successful, when the user accesses the system again, the network needs to authenticate the user; since the authentication parameters in the HLR/AC and the R-UIM card are completely consistent, the same algorithm should be able to calculate the same result ; Otherwise, it indicates that the user is an illegal user.

网络对用户的鉴权有两种方式:There are two ways for the network to authenticate users:

一种是广播查询鉴权,该方式要求基站(BS)系统支持广播查询鉴权,其对MS进行鉴权的过程为:One is broadcast query authentication, which requires the base station (BS) system to support broadcast query authentication, and the process of authenticating the MS is as follows:

1、网络侧通过控制/寻呼信道向本小区下所有MS周期性地广播RAND。1. The network side periodically broadcasts RAND to all MSs in the cell through the control/paging channel.

2、MS需要接入系统时,如位置登记、始呼、寻呼响应等,使用当前控制/寻呼信道上RAND计算鉴权结果(AUTHR),并在初始接入消息中发送给网络侧。2. When the MS needs to access the system, such as location registration, call initiation, and paging response, etc., use the RAND on the current control/paging channel to calculate the authentication result (AUTHR), and send it to the network side in the initial access message.

3、网络侧根据RAND计算出AUTHR,并与MS发送上来的AUTHR进行比较,相同则MS为合法用户,否则非法。3. The network side calculates the AUTHR according to the RAND, and compares it with the AUTHR sent by the MS. If they are the same, the MS is a legal user; otherwise, it is illegal.

网络侧计算AUTHR的算法与MS计算AUTHR的算法相同,为:The algorithm for calculating the AUTHR on the network side is the same as that used by the MS, which is:

AUTHR=CAVE(RAND,SSD_A,ESN,AUTHDATA);其中AUTHR为18位(bit),RAND为32位(bit),SSD_A为SSD前64位(bit),ESN为电子序列号,AUTHDATA为鉴权数据,接入类型不同时使用的数据也不同,如在呼叫时根据移动识别号码(MIN)与被叫号码计算,在位置登记或寻呼响应时则仅根据MIN计算。AUTHR=CAVE(RAND, SSD_A, ESN, AUTHDATA); AUTHR is 18 bits (bit), RAND is 32 bits (bit), SSD_A is the first 64 bits (bit) of SSD, ESN is electronic serial number, AUTHDATA is authentication Data, the data used when the access type is different is also different, for example, it is calculated based on the mobile identification number (MIN) and the called number when calling, and it is only calculated based on the MIN during location registration or paging response.

另一种是独特查询鉴权方式,用该方式对MS进行鉴权的过程为:The other is the unique query authentication method, and the process of authenticating the MS in this method is as follows:

1、网络侧生成独特查询随机数(RANDU),并用该RANDU计算出该用户的鉴权结果(AUTHU);并将向MS发送独特查询随机数(RANDU)。1. The network side generates a unique query random number (RANDU), and uses the RANDU to calculate the user's authentication result (AUTHU); and sends the unique query random number (RANDU) to the MS.

2、MS收到RANDU后也根据RANDU计算AUTHU并返回给网络侧。2. After receiving the RANDU, the MS also calculates the AUTHU according to the RANDU and returns it to the network side.

3、最后,网络侧将自身计算的AUTHU与MS发送的AUTHU进行比较,相同则MS为合法用户,否则非法。3. Finally, the network side compares the AUTHU calculated by itself with the AUTHU sent by the MS. If they are the same, the MS is a legal user; otherwise, it is illegal.

这种鉴权方式可由MSC在控制信道或业务信道上发起;其算法如下:This authentication method can be initiated by the MSC on the control channel or traffic channel; its algorithm is as follows:

AUTHU=CAVE(RANDU,SSD_A,ESN,MIN);其中AUTHU为18位(bit),RANDU为32位(bit),SSD_A为SSD前64位(bit),ESN为电子序列号,MIN为移动识别号码。AUTHU=CAVE(RANDU, SSD_A, ESN, MIN); AUTHU is 18 bits (bit), RANDU is 32 bits (bit), SSD_A is the first 64 bits (bit) of SSD, ESN is electronic serial number, MIN is mobile identification Number.

目前,通过网络侧增加一个互通和互操作功能实体(IIF)可以支持GSM注册用户使用CDMA网络中的业务以及CDMA注册用户使用GSM网络中的业务,IIF主要完成GSM网络和CDMA网络之间的互通和互操作功能;参见图1,图1为IIF与GSM网络和CDMA网络的连接结构示意图。At present, adding an Interworking and Interoperability Functional Entity (IIF) on the network side can support GSM registered users to use the services in the CDMA network and CDMA registered users to use the services in the GSM network. The IIF mainly completes the interworking between the GSM network and the CDMA network. And interoperability function; see Fig. 1, Fig. 1 is the connection structure diagram of IIF and GSM network and CDMA network.

其中,CDMA的美国国家标准学会41系列协议(ANSI-41)核心网110中,CDMA鉴权中心(AC)111通过H接口与归属位置寄存器(HLR)113相连,短消息中心(MC)112通过N接口与HLR相连,MC112、HLR113、访问位置寄存器(VLR)114、移动交换中心(MSC)115分别通过Q接口、D接口、D接口、和E接口与IIF相连。Among them, in the American National Standards Institute 41 series protocol (ANSI-41) core network 110 of CDMA, the CDMA authentication center (AC) 111 is connected with the home location register (HLR) 113 through the H interface, and the short message center (MC) 112 is connected through the H interface. N interface is connected with HLR, MC112, HLR113, visitor location register (VLR) 114, mobile switching center (MSC) 115 are respectively connected with IIF through Q interface, D interface, D interface and E interface.

GSM移动应用部分(MAP)核心网130中,GSM短消息业务中心(SMS-SC)132与GSM短消息业务-互通MSC(SMS-IWMSC)131、GSM短消息业务-关口MSC(SMS-GMSC)133分别相连,GSM鉴权中心(AuC)135通过H接口与HLR134相连,SMS-IWMS131、CSMS-GMSC133、HLR134、VLR136、MSC137、服务GPRS支持节点(SGSN)138分别通过E接口、E接口、D接口、D接口、E接口、Gr接口与IIF相连。In GSM mobile application part (MAP) core network 130, GSM short message service center (SMS-SC) 132 and GSM short message service-interworking MSC (SMS-IWMSC) 131, GSM short message service-gateway MSC (SMS-GMSC) 133 are connected respectively, GSM authentication center (AuC) 135 is connected with HLR134 through H interface, SMS-IWMS131, CSMS-GMSC133, HLR134, VLR136, MSC137, serving GPRS support node (SGSN) 138 are respectively through E interface, E interface, D Interface, D interface, E interface, Gr interface are connected with IIF.

IIF120处于GSM MAP核心网和ANSI-41核心网之间,执行ANSI-41信令和GSM MAP信令的转换。The IIF120 is located between the GSM MAP core network and the ANSI-41 core network, and performs conversion between ANSI-41 signaling and GSM MAP signaling.

当GSM注册用户使用双模终端漫游到CDMA网络,称GSM注册用户处于CDMA外地模式;此时,对于CDMA网络,IIF可看作该GSM注册用户的CDMA HLR;而对于GSM网络,IIF可看作为服务于这个GSM注册用户的GSM VLR。When a GSM registered user uses a dual-mode terminal to roam to the CDMA network, it is said that the GSM registered user is in the CDMA foreign mode; at this time, for the CDMA network, the IIF can be regarded as the CDMA HLR of the GSM registered user; and for the GSM network, the IIF can be regarded as GSM VLR serving this GSM registered user.

处于CDMA外地模式的GSM用户需要被CDMA网络鉴权,鉴权成功后,GSM用户才被允许接入CDMA网络,获得使用网络资源的权利。对于允许GSM用户使用CDMA网络资源的业务,鉴权是最关键的设计之一。A GSM user in the CDMA foreign mode needs to be authenticated by the CDMA network. After the authentication is successful, the GSM user is allowed to access the CDMA network and obtain the right to use network resources. For services that allow GSM users to use CDMA network resources, authentication is one of the most critical designs.

上述的GSM网络鉴权方法和CDMA网络鉴权方法,在GSM网络通过IIF与CDMA网络连接时,都不能对漫游到CDMA网络的GSM用户进行鉴权。因此,出现了GSM用户漫游到CDMA网络的鉴权方法,该方法为:The above-mentioned GSM network authentication method and CDMA network authentication method, when the GSM network is connected to the CDMA network through the IIF, cannot authenticate the GSM user roaming to the CDMA network. Therefore, there has been an authentication method for a GSM user to roam to a CDMA network, the method is:

由于IIF具备CDMA HLR功能,所以,需在IIF或AC上需注册GSM用户的CDMA鉴权签约数据A-Key,一般通过在GSM终端上插入标准CDMA R-UIM卡,或在终端使用能同时存储Ki和A-Key的新类型双模卡来实现。这样,CDMA外地模式下的GSM用户使用CDMA标准鉴权流程,包括SSD更新和鉴权;鉴权过程中不需要与归属网络GSM HLR参与交互。Since the IIF has the function of CDMA HLR, it is necessary to register the CDMA authentication subscription data A-Key of the GSM user on the IIF or the AC. Generally, a standard CDMA R-UIM card is inserted into the GSM terminal, or it can be stored at the same time when used in the terminal. Ki and A-Key's new type of dual-mode card to achieve. In this way, GSM users in the CDMA foreign mode use the CDMA standard authentication process, including SSD update and authentication; the authentication process does not need to participate in the interaction with the home network GSM HLR.

参见图2,图2为现有技术GSM用户漫游到CDMA网络鉴权的流程示意图。GSM用户终端插入了CDMA R-UIM卡,该用户同时也是CDMA用户。在HLR/AC中对CDMA用户开户时,保存与R-UIM卡中保存相同的AKey;通过SSD更新流程,可根据AKey和RAND生成SSD。当用户第一次接入系统时,必须首先进行SSD更新,以保证HLR/AC与R-UIM卡中的SSD保持一致。这样,GSM用户漫游到CDMA网络时鉴权的基本流程包括以下步骤:Referring to FIG. 2 , FIG. 2 is a schematic flow diagram of authentication for a GSM user roaming to a CDMA network in the prior art. The CDMA R-UIM card is inserted into the GSM user terminal, and the user is also a CDMA user. When opening an account for a CDMA user in the HLR/AC, save the same AKey as that saved in the R-UIM card; through the SSD update process, the SSD can be generated according to the AKey and RAND. When the user accesses the system for the first time, the SSD must be updated first to ensure that the HLR/AC is consistent with the SSD in the R-UIM card. In this way, the basic flow of authentication when a GSM user roams to a CDMA network includes the following steps:

步骤201,MS根据SSD和RAND计算AUTHR;Step 201, MS calculates AUTHR according to SSD and RAND;

步骤202,MS将AUTHR发送给CDMA网络的MSC/VLR;Step 202, the MS sends the AUTHR to the MSC/VLR of the CDMA network;

步骤203,MSC/VLR向IIF发送鉴权请求(AUTHREQ)消息;Step 203, MSC/VLR sends authentication request (AUTHREQ) message to IIF;

步骤204,IIF收到鉴权请求消息后,向CDMA网络的AC转发鉴权请求;Step 204, after receiving the authentication request message, the IIF forwards the authentication request to the AC of the CDMA network;

步骤205,CDMA网络的AC根据SSD、RAND计算AUTHR,并与IIF送上来的AUTHR进行比较;若不相同,则表明为非法用户,否则为合法用户;Step 205, the AC of the CDMA network calculates the AUTHR according to SSD and RAND, and compares it with the AUTHR sent by the IIF; if not the same, it indicates that it is an illegal user, otherwise it is a legal user;

步骤206,CDMA网络的AC向IIF返回包含鉴权结果的鉴权响应(authreq)消息;Step 206, the AC of the CDMA network returns an authentication response (authreq) message comprising the authentication result to the IIF;

步骤207,IIF将鉴权结果转发给CDMA网络的MSC/VLR;Step 207, the IIF forwards the authentication result to the MSC/VLR of the CDMA network;

步骤208,MSC/VLR根据鉴权结果进行处理,将合法用户接入,非法用户清除。In step 208, the MSC/VLR performs processing according to the authentication result, and accesses legal users and clears illegal users.

上述GSM用户漫游到CDMA网络的鉴权方法中,需要在GSM终端上发放新用户识别模块,一般通过在GSM终端上插入标准CDMA R-UIM卡,或在终端使用能同时存储Ki和A-Key的新类型双模卡来实现。因此,运营商需要再次发放用户识别模块给申请了漫游到CDMA网功能的GSM用户。这种使用户享受新业务的业务分发方式比较复杂,需要用户配合,不利于业务的推广。In the authentication method for the above-mentioned GSM user roaming to the CDMA network, a new user identification module needs to be issued on the GSM terminal, generally by inserting a standard CDMA R-UIM card on the GSM terminal, or using a terminal that can store Ki and A-Key at the same time A new type of dual-mode card is implemented. Therefore, the operator needs to reissue the user identification module to the GSM users who have applied for the function of roaming to the CDMA network. This kind of service distribution method that enables users to enjoy new services is relatively complicated, requires the cooperation of users, and is not conducive to the promotion of services.

发明内容Contents of the invention

有鉴于此,本发明的目的在于提供一种全球移动通信系统(GSM)用户漫游到码分多址(CDMA)网络的鉴权方法,在开展GSM用户漫游到CDMA网络的新业务时,避免运营商向GSM用户发放新的用户识别模块,增强业务的可运营性。In view of this, the object of the present invention is to provide a kind of authentication method that the global system for mobile communication (GSM) user roams to code division multiple access (CDMA) network, when carrying out the new business of GSM user roaming to CDMA network, avoid operating Providers issue new subscriber identification modules to GSM users to enhance service operability.

为达到上述目的,本发明的技术方案具体是这样实现的:In order to achieve the above object, the technical solution of the present invention is specifically realized in the following way:

一种全球移动通信系统(GSM)用户漫游到码分多址(CDMA)网络的鉴权方法,该方法包括:A kind of authentication method that the global system for mobile communication (GSM) user roams to code division multiple access (CDMA) network, this method comprises:

1)互通和互操作功能实体(IIF)保存需要漫游到CDMA网络的GSM用户移动台(MS)的身份密钥(Ki);CDMA网络对GSM用户的鉴权方式包括:广播查询鉴权和独特查询鉴权,其中,1) The interworking and interoperability functional entity (IIF) saves the identity key (Ki) of the GSM user mobile station (MS) that needs to roam to the CDMA network; the authentication methods of the CDMA network for the GSM user include: broadcast query authentication and unique Query authentication, where,

2)广播查询鉴权过程,包括以下步骤:2) broadcast query authentication process, including the following steps:

21)MS接收CDMA的基站控制器(BSC)广播的CDMA鉴权随机数(C-RAND),将该鉴权随机数(C-RAND)转换为GSM鉴权随机数(G-RAND),再根据G-RAND和MS中保存的Ki计算出符号响应(SRES)和密钥C(Kc);再将SRES转换为CDMA鉴权结果,发送给BSC;21) The MS receives the CDMA authentication random number (C-RAND) broadcast by the CDMA base station controller (BSC), converts the authentication random number (C-RAND) into a GSM authentication random number (G-RAND), and then Calculate the symbol response (SRES) and key C (Kc) according to the Ki stored in G-RAND and MS; then convert the SRES into a CDMA authentication result and send it to the BSC;

22)BSC将鉴权随机数(C-RAND)和CDMA鉴权结果发送给CDMA的移动交换中心(MSC)/拜访位置寄存器(VLR);22) BSC sends authentication random number (C-RAND) and CDMA authentication result to mobile switching center (MSC)/visitor location register (VLR) of CDMA;

23)MSC/VLR向IIF发送包含鉴权随机数(C-RAND)和CDMA鉴权结果的鉴权请求;23) MSC/VLR sends an authentication request including authentication random number (C-RAND) and CDMA authentication result to IIF;

24)IIF将收到的鉴权随机数(C-RAND)转换为GSM鉴权随机数(G-RAND),再根据G-RAND和IIF中保存的该MS的Ki计算出SRES和Kc;再将SRES转换为CDMA鉴权结果,将转换出的CDMA鉴权结果和收到的CDMA鉴权结果进行比较,完成广播查询鉴权;24) The IIF converts the received authentication random number (C-RAND) into a GSM authentication random number (G-RAND), and then calculates SRES and Kc according to the Ki of the MS stored in G-RAND and IIF; and then Convert the SRES to the CDMA authentication result, compare the converted CDMA authentication result with the received CDMA authentication result, and complete the broadcast query authentication;

3)独特查询鉴权过程,包括以下步骤:3) The unique query authentication process includes the following steps:

31)CDMA的MSC/VLR为没有带鉴权参数的GSM的MS向IIF发送鉴权请求;31) The MSC/VLR of CDMA sends an authentication request to the IIF for an MS without GSM with authentication parameters;

32)IIF根据鉴权请求,生成鉴权随机数(C-RAND),并转换为GSM鉴权随机数(G-RAND),再根据G-RAND和IIF中保存的该MS的Ki计算出SRES和Kc;再将SRES转换为CDMA鉴权结果;32) The IIF generates an authentication random number (C-RAND) according to the authentication request, and converts it into a GSM authentication random number (G-RAND), and then calculates the SRES based on the Ki of the MS stored in G-RAND and IIF and Kc; then convert SRES to CDMA authentication result;

33)IIF向MSC/VLR返回包含鉴权随机数(C-RAND)和CDMA鉴权结果的鉴权响应;33) The IIF returns an authentication response including the authentication random number (C-RAND) and the CDMA authentication result to the MSC/VLR;

34)MSC/VLR保存CDMA鉴权结果,并通过BSC向MS发送包含鉴权随机数(C-RAND)的独特查询鉴权请求;34) MSC/VLR saves the CDMA authentication result, and sends a unique inquiry authentication request including authentication random number (C-RAND) to MS through BSC;

35)MS将收到的鉴权随机数(C-RAND)转换为GSM鉴权随机数(G-RAND),再根据G-RAND和MS中保存的Ki计算出SRES和Kc;再将SRES转换为CDMA鉴权结果,并将鉴权结果随鉴权响应通过BSC返回给MSC/VLR;35) MS converts the received authentication random number (C-RAND) into GSM authentication random number (G-RAND), and then calculates SRES and Kc according to G-RAND and Ki stored in MS; then converts SRES It is the CDMA authentication result, and returns the authentication result to the MSC/VLR through the BSC along with the authentication response;

36)MSC/VLR将收到的CDMA鉴权结果和步骤34)中保存的CDMA鉴权结果进行比较,完成独特查询鉴权。36) The MSC/VLR compares the received CDMA authentication result with the CDMA authentication result saved in step 34), and completes the unique query authentication.

其中,所述的步骤34)可以进一步包括:MSC/VLR收到IIF返回的鉴权响应后,先通过BSC指配业务信道,业务信道指配成功后,再发送独特查询鉴权请求。Wherein, the step 34) may further include: after receiving the authentication response returned by the IIF, the MSC/VLR first assigns a traffic channel through the BSC, and after the traffic channel assignment is successful, sends a unique query authentication request.

所述的指配业务信道的方法可以为:MSC/VLR向BSC发送指配请求;BSC根据该指配请求指配业务信道;并向MSC/VLR返回指配响应。The method for assigning traffic channels may be as follows: MSC/VLR sends an assignment request to BSC; BSC assigns traffic channels according to the assignment request; and returns an assignment response to MSC/VLR.

步骤21)-步骤24)中所述的CDMA鉴权随机数可以为广播鉴权随机数;步骤32)-步骤36)中所述的CDMA鉴权随机数可以为独特查询鉴权随机数。The CDMA authentication random number described in step 21)-step 24) may be a broadcast authentication random number; the CDMA authentication random number described in step 32)-step 36) may be a unique query authentication random number.

所述的将C-RAND转换为G-RAND的方法可以为:将C-RAND进行运算后填入G-RAND;或将C-RAND和国际移动用户识别码(IMSI)或/和电子序列号(ESN)进行运算后填入G-RAND。例如,该方法可以为:将C-RAND填入G-RAND的固定位置,将G-RAND剩余位置用预定数字或/和国际移动用户识别码(IMSI)填满;或将G-RAND的剩余位置用预定数字或/和电子序列号(ESN)填满。The described method of converting C-RAND into G-RAND can be as follows: fill in G-RAND after performing operations on C-RAND; or use C-RAND and International Mobile Subscriber Identity (IMSI) or/and electronic serial number (ESN) fill in G-RAND after calculation. For example, the method can be: fill C-RAND into the fixed position of G-RAND, fill the remaining position of G-RAND with predetermined numbers or/and International Mobile Subscriber Identity (IMSI); or fill the remaining position of G-RAND The slots are filled with predetermined numbers or/and an Electronic Serial Number (ESN).

所述的根据G-RAND和MS中保存的Ki计算出RES和Kc的方法,可以与所述的根据G-RAND和IIF中保存的该MS的Ki计算出SRES和Kc的方法相同,为:用G-RAND和Ki通过A3/A8算法计算出SRES和Kc。The method for calculating RES and Kc based on the Ki stored in G-RAND and MS can be the same as the method for calculating SRES and Kc based on the Ki stored in G-RAND and IIF, which is: SRES and Kc were calculated by A3/A8 algorithm using G-RAND and Ki.

所述的将SRES转换为CDMA鉴权结果的方法可以为:将在SRES的固定位置取出CDMA鉴权结果;或将SRES进行运算后,在固定位置取出CDMA鉴权结果;或将SRES和Kc或/和国际移动用户识别码(IMSI)或/和电子序列号(ESN)进行运算后,在固定位置取出CDMA鉴权结果。The described method of converting SRES into a CDMA authentication result can be: taking out the CDMA authentication result at a fixed position of the SRES; or taking out the CDMA authentication result at a fixed position after the SRES is operated; After performing operations with the International Mobile Subscriber Identity (IMSI) or/and the Electronic Serial Number (ESN), the CDMA authentication result is taken out at a fixed location.

由本发明的技术方案可见,本发明的这种全球移动通信系统(GSM)用户漫游到码分多址(CDMA)网络的鉴权方法在开展GSM用户漫游到CDMA网络的新业务时,使用原有GSM用户的SIM卡进行鉴权,避免了运营商向GSM用户发放新的用户识别模块,同时,不需要修改现有的GSM网络设备和CDMA网络设备,实现简便,增强了业务的可运营性。As can be seen from the technical scheme of the present invention, the authentication method of this Global System for Mobile Communications (GSM) user of the present invention roaming to the code division multiple access (CDMA) network is when carrying out the new business of the GSM user roaming to the CDMA network, using the original The authentication of the SIM card of the GSM user avoids the operator issuing a new user identification module to the GSM user. At the same time, it does not need to modify the existing GSM network equipment and CDMA network equipment, which is easy to implement and enhances the operability of the service.

附图说明Description of drawings

图1为IIF与GSM网络和CDMA网络的连接结构示意图;Fig. 1 is the connection structural diagram of IIF and GSM network and CDMA network;

图2为现有技术GSM用户漫游到CDMA网络鉴权的流程示意图;Fig. 2 is the schematic flow chart of prior art GSM user roaming to CDMA network authentication;

图3为本发明第一较佳实施例的广播鉴权流程示意图;FIG. 3 is a schematic diagram of the broadcast authentication flow in the first preferred embodiment of the present invention;

图4为图3所示实施例中MS生成AUTHR的示意图;Fig. 4 is a schematic diagram of MS generating AUTHR in the embodiment shown in Fig. 3;

图5为本发明第二较佳实施例的独特查询鉴权流程示意图。Fig. 5 is a schematic diagram of a unique query authentication process in the second preferred embodiment of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚明白,下面结合实施例和附图,对本发明进一步详细说明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the embodiments and accompanying drawings.

本发明是根据GSM网络鉴权参数与CDMA网络鉴权参数比较的结果,通过一定算法进行适配,将CDMA鉴权参数与GSM鉴权参数进行互相转换,进行鉴权。According to the result of comparing the GSM network authentication parameters with the CDMA network authentication parameters, the invention performs adaptation through a certain algorithm, converts the CDMA authentication parameters and the GSM authentication parameters to each other, and performs authentication.

参见表一,表一GSM网络鉴权参数与CDMA网络鉴权参数比较。   GSM   CDMA   随机数   标识   RAND   RANDU   长度   128位(bit)   32位(bit)   鉴权结果   标识   SRES,注:Kc不需要传递   AUTHU   长度   32位(bit)   18位(bit) See Table 1, which compares the GSM network authentication parameters with the CDMA network authentication parameters. GSM CDMA random number logo RAND RANDU length 128 bits (bit) 32 bits Authentication result logo SRES, Note: Kc does not need to be passed AUTHU length 32 bits 18 bits

                        表一 Table I

由表一可见,若使用CDMA鉴权流程,无法完全承载GSM鉴权参数;因此,可考虑通过一定算法进行适配,通过算法Fa将CDMA的32bit的RAND或RANDU(简称C-RAND)转换为128bitRAND(简称G-RAND);并通过算法Fb将GSM的32bitSRES转换为CDMA的18bit的AUTHR或AUTHU(简称C-AUTH);对应关系表示如下:It can be seen from Table 1 that if the CDMA authentication process is used, the GSM authentication parameters cannot be fully carried; therefore, a certain algorithm can be considered for adaptation, and the CDMA 32-bit RAND or RANDU (C-RAND for short) can be converted into 128bitRAND (abbreviated as G-RAND); and the 32bitSRES of GSM is converted into the AUTHR or AUTHU of 18bit of CDMA (abbreviated as C-AUTH) by algorithm Fb; the corresponding relationship is expressed as follows:

G-RAND=Fa(C-RAND)G-RAND=Fa(C-RAND)

C-AUTH=Fb(SRES)C-AUTH=Fb(SRES)

算法Fa和Fb还可以用户信息作为入参,如MIN、ESN、被叫号码中某几个字节(无被叫号码时可用全1表示),但不仅限于这几个参数;Algorithms Fa and Fb can also use user information as input parameters, such as MIN, ESN, certain bytes in the called number (when there is no called number, it can be represented by all 1), but not limited to these parameters;

其中,算法Fa可以将C-RAND进行运算后填入G-RAND;或将C-RAND和国际移动用户识别码(IMSI)或/和电子序列号(ESN)进行运算后填入G-RAND。Among them, the algorithm Fa can calculate C-RAND and fill it into G-RAND; or calculate C-RAND and International Mobile Subscriber Identity (IMSI) or/and Electronic Serial Number (ESN) and fill it into G-RAND.

例如:将C-RAND填入G-RAND的固定位置,将G-RAND剩余位置用预定数字或/和国际移动用户识别码(IMSI)填满;或将G-RAND的剩余位置用预定数字或/和电子序列号(ESN)填满。For example: fill C-RAND into the fixed position of G-RAND, fill the remaining position of G-RAND with predetermined numbers or/and International Mobile Subscriber Identity (IMSI); or fill the remaining positions of G-RAND with predetermined numbers or / and Electronic Serial Number (ESN) filled.

算法Fb可以将在SRES的固定位置取出CDMA鉴权结果;或将SRES进行运算后,在固定位置取出CDMA鉴权结果;或将SRES和Kc或/和国际移动用户识别码(IMSI)或/和电子序列号(ESN)进行运算后,在固定位置取出CDMA鉴权结果。Algorithm Fb can take out the CDMA authentication result at the fixed position of SRES; Or take out the CDMA authentication result at the fixed position after SRES is operated; Or combine SRES and Kc or/and International Mobile Subscriber Identity (IMSI) or/and After the Electronic Serial Number (ESN) is calculated, the CDMA authentication result is taken out at a fixed location.

本发明中,IIF作为GSM注册用户在CDMA外地模式下的HLR/AC,其中保存Ki和鉴权算法A3/A8。在IIF中对需要漫游到CDMA网络的GSM用户开户时,将国际移动用户识别码(IMSI)和Ki的关系保存在IIF的数据库中。In the present invention, the IIF is used as the HLR/AC of the GSM registered user in the CDMA foreign mode, wherein Ki and the authentication algorithm A3/A8 are saved. When opening an account for a GSM user who needs to roam to a CDMA network in the IIF, the relationship between the International Mobile Subscriber Identity (IMSI) and Ki is stored in the database of the IIF.

本发明的鉴权方法包括:广播查询鉴权过程和独特查询鉴权过程。以下对两个鉴权过程分别举一个较佳实施例进行详细说明。The authentication method of the invention includes: a broadcast query authentication process and a unique query authentication process. A preferred embodiment of the two authentication processes will be described in detail below.

第一较佳实施例为一个广播查询鉴权始呼流程。本实施例在鉴权流程上与普通CDMA广播鉴权流程没有差别,但在鉴权算法上采用GSM的鉴权算法,并新增了Fa和Fb两个函数。参见图3,图3为本发明第一较佳实施例的广播鉴权流程示意图;该流程包括以下步骤:The first preferred embodiment is a call-initiating procedure for broadcast inquiry and authentication. In this embodiment, the authentication flow is the same as that of the common CDMA broadcast authentication flow, but the authentication algorithm of GSM is adopted in the authentication algorithm, and two functions Fa and Fb are newly added. Referring to FIG. 3, FIG. 3 is a schematic diagram of a broadcast authentication flow in the first preferred embodiment of the present invention; the flow includes the following steps:

步骤301,BSC通过寻呼/控制信道广播广播鉴权随机数C-RAND。In step 301, the BSC broadcasts the authentication random number C-RAND through the paging/control channel.

步骤302,MS对于收到的C-RAND先通过算法Fa将C-RAND转换为G-RAND,并用G-RAND和MS保存的Ki通过MS的SIM卡中A3/A8算法计算出SRES和Kc,然后用算法Fb将SRES转换为鉴权结果AUTHR。In step 302, the MS converts the received C-RAND into G-RAND through the algorithm Fa, and calculates SRES and Kc through the A3/A8 algorithm in the SIM card of the MS using the G-RAND and the Ki saved by the MS. Then use algorithm Fb to convert SRES into authentication result AUTHR.

步骤303,MS向BSC发送包含AUTHR的始呼请求。In step 303, the MS sends a call origination request including AUTHR to the BSC.

步骤304,BSC收到始呼请求后,向MSC/VLR发送业务请求(CM ServiceRequest),其中包含C-RAND和AUTHR。Step 304, after receiving the origination request, the BSC sends a service request (CM ServiceRequest) to the MSC/VLR, which includes C-RAND and AUTHR.

步骤305,MSC/VLR收到业务请求后,向IIF发送鉴权请求AUTHREQ,其中包含C-RAND和AUTHR。Step 305: After receiving the service request, the MSC/VLR sends an authentication request AUTHREQ to the IIF, which includes C-RAND and AUTHR.

步骤306,IIF收到鉴权请求消息后,首先通过Fa算法将C-RAND转换为G-RAND,并用G-RAND和IIF中保存的该MS的Ki通过A3/A8算法计算出SRES和Kc,然后通过算法Fb将SRES转换为AUTHR,并比较计算出来的AUTHR与MSC/VLR在鉴权请求中送上来的AUTHR是否相等;若相等,则表明为合法用户,允许接入;否则,为非法用户,拒绝接入。Step 306, after the IIF receives the authentication request message, it first converts C-RAND to G-RAND through the Fa algorithm, and calculates SRES and Kc through the A3/A8 algorithm using G-RAND and the Ki of the MS stored in the IIF, Then convert SRES to AUTHR through algorithm Fb, and compare whether the calculated AUTHR is equal to the AUTHR sent by MSC/VLR in the authentication request; if they are equal, it indicates that it is a legal user and allows access; otherwise, it is an illegal user , access is denied.

步骤307,IIF向MSC/VLR返回包含是否允许用户接入信息的鉴权响应(authreq)。In step 307, the IIF returns to the MSC/VLR an authentication response (authreq) containing information on whether to allow user access.

步骤308,MSC/VLR收到鉴权响应消息后,根据是否允许用户接入信息继续呼叫处理或清除呼叫。Step 308, after receiving the authentication response message, the MSC/VLR continues call processing or clears the call according to whether the user is allowed to access the information.

其中,步骤302是MS生成AUTHR的过程;步骤306中包含了IIF生成AUTHR的过程。图4为图3所示实施例中MS生成AUTHR的示意图;其包含三个算法:先在MS中的移动设备(ME)中通过算法Fa将32位的C-RAND转换为128位的G-RAND、然后用该G-RAND和Ki通过SIM卡中的算法A3/A8计算出32位和Kc、最后在ME中通过算法Fb将32位的SRES转换为18位的AUTHR。IIF中生成AUTHR的算法与图4所示相同,只是所用的Ki和A3/A8算法是预先存储在IIF中的。Wherein, step 302 is a process for the MS to generate the AUTHR; step 306 includes the process for the IIF to generate the AUTHR. Fig. 4 is the schematic diagram that MS generates AUTHR in the embodiment shown in Fig. 3; It comprises three algorithms: First, convert 32-bit C-RAND into 128-bit G-RAND by algorithm Fa in the mobile equipment (ME) in MS RAND, then use the G-RAND and Ki to calculate the 32-bit and Kc through the algorithm A3/A8 in the SIM card, and finally convert the 32-bit SRES to the 18-bit AUTHR through the algorithm Fb in the ME. The algorithm for generating AUTHR in the IIF is the same as that shown in Figure 4, except that the used Ki and A3/A8 algorithms are pre-stored in the IIF.

本实施例中Fa采用了一种较简单的算法:将C-RAND填入G-RAND前32位,G-RAND其他位可填写为全1。Fb的算法也比较简单:从32位的SRES中,取出前18位作为AUTHR。在实际应用中,算法Fa、Fb可以将MIN、ESN、被叫号码中某几个字节(无被叫号码时可用全1表示)作为入参,使用较复杂的算法进行转换。In this embodiment, Fa adopts a relatively simple algorithm: fill C-RAND into the first 32 bits of G-RAND, and fill other bits of G-RAND with all 1s. The algorithm of Fb is also relatively simple: take out the first 18 bits from the 32-bit SRES as AUTHR. In practical applications, the algorithms Fa and Fb can take MIN, ESN, and some bytes in the called number (if there is no called number, it can be represented by all 1s) as input parameters, and use more complex algorithms to convert.

本实施例为始呼流程,位置登记、寻呼响应的鉴权处理流程与此类似。This embodiment is a call initiation flow, and the authentication processing flow of location registration and paging response is similar to this.

第二较佳实施例为一个独特查询鉴权始呼流程。本实施例在鉴权流程上与普通CDMA独特鉴权流程没有差别,但在鉴权算法上采用GSM的鉴权算法,并新增了Fa和Fb两个函数。参见图5,图5为本发明第二较佳实施例的独特鉴权流程示意图;该流程包括以下步骤:The second preferred embodiment is a unique query authentication origination flow. In this embodiment, the authentication flow is the same as that of the common CDMA unique authentication flow, but the authentication algorithm of GSM is adopted, and two functions Fa and Fb are newly added. Referring to FIG. 5, FIG. 5 is a schematic diagram of a unique authentication process in a second preferred embodiment of the present invention; the process includes the following steps:

步骤501,MS接入,且未带鉴权参数,MSC/VLR为该MS向IIF发送鉴权请求(AUTHREQ)。Step 501, MS accesses without authentication parameters, and MSC/VLR sends an authentication request (AUTHREQ) to IIF for the MS.

步骤502,IIF收到鉴权请求消息后,发现无鉴权参数,则生成随机数RANDU(C-RAND),并通过Fa算法将C-RAND转换为G-RAND,用G-RAND和IIF中保存的该MS的Ki通过A3/A8算法计算出SRES和Kc;再通过Fb算法将SRES转换为CDMA鉴权结果(AUTHU)。Step 502, after the IIF receives the authentication request message and finds that there is no authentication parameter, it generates a random number RANDU (C-RAND), and converts C-RAND to G-RAND through the Fa algorithm, and uses G-RAND and IIF The saved Ki of the MS calculates the SRES and Kc through the A3/A8 algorithm; then converts the SRES into the CDMA authentication result (AUTHU) through the Fb algorithm.

步骤503,IIF向MSC/VLR返回鉴权响应(authreq),其中包含RANDU、AUTHU,指示MSC/VLR发起独特查询鉴权;Step 503, the IIF returns an authentication response (authreq) to the MSC/VLR, which includes RANDU and AUTHU, indicating that the MSC/VLR initiates a unique query authentication;

步骤504,MSC/VLR收到鉴权响应消息后,发现包含RANDU和AUTHU,则保存AUTHU。Step 504, after receiving the authentication response message, the MSC/VLR finds that RANDU and AUTHU are included, and saves the AUTHU.

步骤505,MSC/VLR向BSC发送指配请求(Assignment Request)指配业务信道Step 505, MSC/VLR sends assignment request (Assignment Request) to BSC to assign traffic channel

步骤506,BSC收到指配请求后,指配业务信道,并返回指配响应(Assignment Response);Step 506, after receiving the assignment request, the BSC assigns a traffic channel and returns an assignment response (Assignment Response);

步骤507,业务信道指配成功之后,MSC/VLR向BSC发送独特查询鉴权请求(Authentication Request),其中包含RANDU。Step 507, after the traffic channel assignment is successful, the MSC/VLR sends a unique query authentication request (Authentication Request) to the BSC, which includes RANDU.

步骤508,BSC将收到的独特查询鉴权请求(Authentication Request)发送给MS。In step 508, the BSC sends the received unique query authentication request (Authentication Request) to the MS.

步骤509,MS收到独特查询鉴权请求消息后,获得随机数RANDU(C-RAND),并通过算法Fa将C-RAND转换为G-RAND,并通过SIM卡中A3/A8算法计算出SRES和Kc,然后通过算法Fb将SRES转换为AUTHU。Step 509, after the MS receives the unique query authentication request message, it obtains the random number RANDU (C-RAND), converts the C-RAND to G-RAND through the algorithm Fa, and calculates the SRES through the A3/A8 algorithm in the SIM card and Kc, then convert SRES to AUTHU by algorithm Fb.

步骤510,MS向BSC返回独特鉴权响应,其中包含AUTHU。In step 510, the MS returns a unique authentication response to the BSC, which includes AUTHU.

步骤511,BSC将收到的包含AUTHU的独特查询鉴权响应返回给MSC/VLR。In step 511, the BSC returns the received unique query authentication response containing AUTHU to the MSC/VLR.

步骤512,MSC/VLR收到独特查询鉴权请求响应后,获得AUTHU,并与在步骤504)保存的AUTHU进行比较,判断结果是否一致,若一致,则表明为合法用户;否则,为非法用户。Step 512, MSC/VLR obtains the AUTHU after receiving the unique query authentication request response, and compares with the AUTHU preserved in step 504), and judges whether the result is consistent, if consistent, then shows that it is a legal user; otherwise, it is an illegal user .

步骤513,MSC/VLR将判断结果通过鉴权状态报告(ASREPORT)上报给IIF。In step 513, the MSC/VLR reports the judgment result to the IIF through an authentication status report (ASREPORT).

步骤514,IIF收到鉴权状态报告后,根据判断结果决定是否允许用户接入,并将包含是否允许接入信息的鉴权状态报告响应(asreport)中返回给MSC/VLR。Step 514, after receiving the authentication status report, the IIF decides whether to allow the user to access according to the judgment result, and returns the authentication status report response (asreport) containing the access information to the MSC/VLR.

步骤515,MSC/VLR收到鉴权状态报告响应消息后,根据是否允许接入信息继续接入处理或清除用户接入。Step 515, after receiving the authentication status report response message, the MSC/VLR continues access processing or clears user access according to the access information.

其中,步骤502是IIF生成AUTHU的过程;步骤509是MS生成AUTHU的过程。本实施例中,步骤509的MS生成AUTHU的过程,与图3中步骤302的MS生成AUTHR的过程相同;步骤502中IIF生成AUTHU的过程,与图3中步骤306的IIF生成AUTHR的过程相同;算法Fa和Fb也可以与第一较佳实施例相同。Among them, step 502 is the process of IIF generating AUTHU; step 509 is the process of MS generating AUTHU. In this embodiment, the process of MS generating AUTHU in step 509 is the same as the process of MS generating AUTHR in step 302 in FIG. 3; the process of IIF generating AUTHU in step 502 is the same as the process of generating AUTHR in step 306 in FIG. ; Algorithms Fa and Fb can also be the same as the first preferred embodiment.

本实施例为始呼流程,寻呼响应的鉴权处理流程与此相似。This embodiment is an initial call flow, and the authentication processing flow of a paging response is similar to this.

上述两个实施例中,对于漫游到CDMA网络的GSM用户,IIF禁止进行SSD更新操作。In the above two embodiments, for the GSM users roaming to the CDMA network, the IIF prohibits the SSD update operation.

另外,本发明还可以有以下的实施方法:和上述两个实施例相同,首先,IIF中保存需要漫游到CDMA网络的GSM用户移动台(MS)的身份密钥(Ki),IIF也具备执行GSM A3/A8算法运算的能力。然后,在SSD更新流程中,利用Ki产生SSD。最后,在广播查询鉴权和独特查询鉴权流程中,GSM的MS象一个普通CDMA终端一样被CMSC或AuC鉴权。In addition, the present invention can also have the following implementation methods: the same as the above two embodiments, at first, the identity key (Ki) of the GSM user mobile station (MS) that needs to roam to the CDMA network is stored in the IIF, and the IIF also has the ability to execute GSM A3/A8 algorithm computing capability. Then, in the SSD update process, use Ki to generate SSD. Finally, in the flow of broadcast inquiry authentication and unique inquiry authentication, GSM MS is authenticated by CMSC or AuC like a common CDMA terminal.

其中,利用Ki产生SSD的方法与上述两个鉴权流程中,利用Ki产生AUTHR或AUTHU的方法相似。Wherein, the method of using Ki to generate SSD is similar to the method of using Ki to generate AUTHR or AUTHU in the above two authentication processes.

利用Ki产生SSD的过程包括以下步骤:The process of using Ki to generate SSD includes the following steps:

1、IIF产生随机数RANDSSD,并通过Fa算法转换为G-RAND,用G-RAND和IIF中保存的进行SSD更新的GSM MS的Ki,通过A3/A8算法计算出SRES和Kc;再通过Fb算法将SRES转换为SSD。1. IIF generates random number RANDSSD, and converts it into G-RAND through Fa algorithm, uses G-RAND and Ki of GSM MS stored in IIF for SSD update, calculates SRES and Kc through A3/A8 algorithm; then through Fb Algorithm converts SRES to SSD.

2、IIF将RANDSSD通过CDMA的MSC/VLR发送给GSM的MS。2. The IIF sends the RANDSSD to the MS of GSM through the MSC/VLR of CDMA.

3、GSM的MS用通过算法Fa将RANDSSD转换为G-RAND,并通过SIM卡中A3/A8算法计算出SRES和Kc,然后通过算法Fb将SRES转换为SSD。3. The MS of GSM converts RANDSSD to G-RAND through the algorithm Fa, and calculates SRES and Kc through the A3/A8 algorithm in the SIM card, and then converts SRES into SSD through the algorithm Fb.

4、GSM的MS产生确认SSD更新信息通过CDMA的MSC/VLR发送给IIF。4. The GSM MS generates a confirmation SSD update information and sends it to the IIF through the CDMA MSC/VLR.

这样,GSM的MS就可以象一个普通CDMA终端一样用SSD参数,被CMSC或AuC鉴权了。In this way, the MS of GSM can be authenticated by CMSC or AuC by using SSD parameters like a common CDMA terminal.

由上述三个实施例可见,本发明的这种全球移动通信系统(GSM)用户漫游到码分多址(CDMA)网络的鉴权方法在开展GSM用户漫游到CDMA网络这个新业务时,不针对GSM外地模式用户增加新鉴权流程,不更换或修改GSM用户识别模块SIM,使用原有GSM用户的SIM卡进行鉴权,避免了运营商向GSM用户发放新的用户识别模块,同时,不需要修改现有的GSM网络设备和CDMA网络设备,实现简便,增强了业务的可运营性。Visible by above-mentioned three embodiments, this Global System for Mobile Communications (GSM) user of the present invention roams to the authentication method of Code Division Multiple Access (CDMA) network when carrying out this new business of GSM user roaming to CDMA network, does not aim at GSM non-local mode users add a new authentication process, do not replace or modify the GSM subscriber identification module SIM, use the original GSM user SIM card for authentication, avoiding the operator to issue a new subscriber identification module to GSM users, and at the same time, do not need Modify the existing GSM network equipment and CDMA network equipment, easy to implement, and enhance the operability of the business.

Claims (8)

1, a kind of global system for mobile communications GSM user roams into the method for authenticating of Code Division Multiple Access (CDMA) network, it is characterized in that, this method comprises:
1) intercommunication and interoperability functional entity IIF preserve the identity key Ki of GSM user's mobile station MS that need roam into cdma network; Cdma network comprises GSM user's authentication mode: broadcast query authentication and unique challenge authentication, wherein,
2) broadcast query authentication process may further comprise the steps:
21) MS receives the CDMA authentication random number C-RAND of the base station controller BSC broadcasting of CDMA, and C-RAND is converted to GSM authentication random number G-RAND, calculates symbol response SRES and ciphering key Kc according to the Ki that preserves among G-RAND and the MS again; Again SRES is converted to the CDMA authenticating result, sends to BSC;
22) BSC sends to C-RAND and CDMA authenticating result moving exchanging center MSC/VLR Visitor Location Register VLR of CDMA;
23) MSC/VLR sends the authentication request that comprises C-RAND and CDMA authenticating result to IIF;
24) IIF is converted to G-RAND with the C-RAND that receives, the Ki according to this MS that preserves among G-RAND and the IIF calculates SRES and Kc again; Again SRES is converted to the CDMA authenticating result, CDMA authenticating result of changing out and the CDMA authenticating result of receiving are compared, finish the broadcast query authentication;
3) unique challenge authentication process may further comprise the steps:
31) MSC/VLR of CDMA sends authentication request for the MS with the GSM of authentication parameter not to IIF;
32) IIF generates C-RAND, and is converted to G-RAND according to authentication request, and the Ki according to this MS that preserves among G-RAND and the IIF calculates SRES and Kc again; Again SRES is converted to the CDMA authenticating result;
33) IIF returns the Authentication Response that comprises C-RAND and CDMA authenticating result to MSC/VLR;
34) MSC/VLR preserves the CDMA authenticating result, and sends the unique challenge authentication request that comprises C-RAND to MS by BSC;
35) MS is converted to G-RAND with the C-RAND that receives, calculates SRES and Kc according to the Ki that preserves among G-RAND and the MS again; Again SRES is converted to the CDMA authenticating result, and authenticating result is returned to MSC/VLR with Authentication Response by BSC;
36) MSC/VLR is with CDMA authenticating result and the step 34 received) in the CDMA authenticating result of preserving compare, finish the unique challenge authentication.
2, method for authenticating as claimed in claim 1, it is characterized in that described step 34) further comprise: after MSC/VLR receives the Authentication Response that IIF returns, earlier by BSC assignment Traffic Channel, after the Traffic Channel Assignment success, send the unique challenge authentication request again.
3, method for authenticating as claimed in claim 2 is characterized in that, the method for described assignment Traffic Channel is: MSC/VLR sends the assignment request to BSC; BSC is according to this assignment request assignment Traffic Channel; And return assignment response to MSC/VLR.
4, method for authenticating as claimed in claim 1 is characterized in that: step 21)-step 24) described in the CDMA authentication random number be the global challenge random number; Step 32)-step 36) described in the CDMA authentication random number be the unique challenge authentication random number.
5, method for authenticating as claimed in claim 1 is characterized in that: the described method that C-RAND is converted to G-RAND is: C-RAND is carried out inserting G-RAND after the computing; Or with C-RAND and international mobile subscriber identity IMSI or/and Electronic Serial Number ESN carry out inserting G-RAND after the computing.
6, method for authenticating as claimed in claim 5 is characterized in that: the described method that C-RAND is converted to G-RAND is: C-RAND is inserted the fixed position of G-RAND, with the G-RAND rest position with predetermined number or/and IMSI fill up; Or with the rest position of G-RAND with predetermined number or/and ESN fill up.
7, method for authenticating as claimed in claim 1, it is characterized in that: the described method that calculates SRES and Kc according to the Ki that preserves among G-RAND and the MS, the method that calculates SRES and Kc with described Ki according to this MS that preserves among G-RAND and the IIF is identical, for: go out SRES and Kc with G-RAND and Ki by the A3/A8 algorithm computation.
8, method for authenticating as claimed in claim 1 is characterized in that: the described method that SRES is converted to the CDMA authenticating result is: will take out the CDMA authenticating result in the fixed position of SRES; Or after SRES carried out computing, take out the CDMA authenticating result in the fixed position; Or with SRES and Kc or/and IMSI or/and after ESN carries out computing, take out the CDMA authenticating result in the fixed position.
CNB031412572A 2003-06-10 2003-06-10 Authentication method for user of global mobile communication system when roaming to CDMA network Expired - Fee Related CN1297155C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031412572A CN1297155C (en) 2003-06-10 2003-06-10 Authentication method for user of global mobile communication system when roaming to CDMA network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB031412572A CN1297155C (en) 2003-06-10 2003-06-10 Authentication method for user of global mobile communication system when roaming to CDMA network

Publications (2)

Publication Number Publication Date
CN1568037A CN1568037A (en) 2005-01-19
CN1297155C true CN1297155C (en) 2007-01-24

Family

ID=34470861

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031412572A Expired - Fee Related CN1297155C (en) 2003-06-10 2003-06-10 Authentication method for user of global mobile communication system when roaming to CDMA network

Country Status (1)

Country Link
CN (1) CN1297155C (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100843072B1 (en) * 2005-02-03 2008-07-03 삼성전자주식회사 Wireless network system and communication method using same
US7630711B2 (en) 2006-01-05 2009-12-08 Qualcomm Incorporated Method and system for mapping provisioning information of different communications networks
CN100562167C (en) * 2006-04-24 2009-11-18 中兴通讯股份有限公司 A Method for Authenticating CDMA Users Roaming to GSM Networks
CN101631309B (en) * 2008-07-17 2013-03-20 上海华为技术有限公司 Method, device and system for authenticating terminal based on home base station network
CN113225756B (en) * 2021-04-30 2022-07-15 Oppo广东移动通信有限公司 Network residing method, device, terminal and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000002406A2 (en) * 1998-07-07 2000-01-13 Nokia Networks Oy System and method for authentication in a mobile communications system
CN1259811A (en) * 1998-05-07 2000-07-12 朗迅科技公司 Method and device used for secret in communication system
WO2002078380A1 (en) * 2001-03-26 2002-10-03 Ktfreetel Co., Ltd. Cdma terminal for providing roaming service to gsm service subscriber in cdma service area

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1259811A (en) * 1998-05-07 2000-07-12 朗迅科技公司 Method and device used for secret in communication system
WO2000002406A2 (en) * 1998-07-07 2000-01-13 Nokia Networks Oy System and method for authentication in a mobile communications system
WO2002078380A1 (en) * 2001-03-26 2002-10-03 Ktfreetel Co., Ltd. Cdma terminal for providing roaming service to gsm service subscriber in cdma service area

Also Published As

Publication number Publication date
CN1568037A (en) 2005-01-19

Similar Documents

Publication Publication Date Title
CN1298194C (en) Radio LAN security access method based on roaming key exchange authentication protocal
CN2870344Y (en) Wireless communication system with ability report
CN1256002C (en) User authentication method and system
CN1216202A (en) Method and system for supporting PACS with GSM mobile communication switching center
CN1662092A (en) Access authentication method and equipment in data packet network at high speed
CN1859729A (en) Authentifying method and relative information transfer method
CN1870808A (en) Key updating method
CN1674497A (en) Certification method for WLAN terminal switching in mobile network
CN1848994A (en) Method for realizing right discrimination of microwave cut-in global interoperating system
CN1320344A (en) Authentication in a mobile communication system
CN1549482A (en) A Method for Realizing High-Rate Packet Data Service Authentication
CN1601958A (en) HRPD network access authentication method based on CAVE algorithm
CN1794868A (en) Method of providing discriminating service in radio access network
CN1756428A (en) Method for carrying out authentication for terminal user identification module in IP multimedia subsystem
CN1681239A (en) Method for supporting multiple safe mechanism in wireless local network system
CN1297155C (en) Authentication method for user of global mobile communication system when roaming to CDMA network
CN1819698A (en) Method for acquring authentication cryptographic key context from object base station
CN1913701A (en) Method for providing different safety class service to different user in mobile communication system
CN1553610A (en) Authentication method for code division multiple access system user roaming to global system for mobile communication
CN1867186A (en) Method and apparatus for realizing user admittance control in wireless communication system
CN1801705A (en) Pre-authentication method
CN101080036A (en) Method for processing call in wireless communication network
CN1728635A (en) Authentication method in use for digital clustering operation in CDMA system
CN101043710A (en) Terminal process instructing system and method and terminal processing system and method
CN1770682A (en) Method for producing user card authentication random number of network apparatus and authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070124

Termination date: 20200610

CF01 Termination of patent right due to non-payment of annual fee