Location Update Call Flow:
Authentication Process:
The HLR requests the AUC (usually integrated with the HLR) for five authentication sets, and then sends a MAP_SEND_AUTHENTICATION_INFO_RSP message carrying the authentication sets to the MSC/VLR.
The MSC/VLR sends an Authentication request message carrying the first authentication set to the MS and stores the remaining authentication sets in the VLR.
On receiving the authentication request, the MS sends the RAND contained in the authentication set to the SIM. The SIM uses the A3 authentication algorithm to generate an SRES by using the RAND and the Ki stored in the SIM and uses the A8 authentication algorithm to generate a Kc. Then, the SIM sends the SRES and Kc to the MS and the MS sends an Authentication response message carrying the SRES to the MSC/VLR.
The MSC/VLR compares the SRES reported by the MS and the SRES provided by the AUC. If the SRESs are the same, the MSC/VLR passes the authentication and sends a CIPHER MODE COMMAND message to start the encryption flow. If the SRESs are not the same, the MSC/VLR denies the authentication and sends an Authentication reject message to the MS. On receiving the message, the MS stops accessing the network and adds the network to the list of unauthorized networks.
The MS uses the A5 encryption algorithm to perform encryption calculation by using the encryption mode (M), encryption key (Kc), and TDMA frame number, and then sends a CIPHER MODE COMPLETE message to the BSC. The BSC uses the A5 encryption algorithm to decrypt and restore the message. If there is no error, the BSC forwards the CIPHER MODE COMPLETE message to the MSC/VLR. At this point, the network access of the MS is complete.
Authentication Process:
The HLR requests the AUC (usually integrated with the HLR) for five authentication sets, and then sends a MAP_SEND_AUTHENTICATION_INFO_RSP message carrying the authentication sets to the MSC/VLR.
The MSC/VLR sends an Authentication request message carrying the first authentication set to the MS and stores the remaining authentication sets in the VLR.
On receiving the authentication request, the MS sends the RAND contained in the authentication set to the SIM. The SIM uses the A3 authentication algorithm to generate an SRES by using the RAND and the Ki stored in the SIM and uses the A8 authentication algorithm to generate a Kc. Then, the SIM sends the SRES and Kc to the MS and the MS sends an Authentication response message carrying the SRES to the MSC/VLR.
The MSC/VLR compares the SRES reported by the MS and the SRES provided by the AUC. If the SRESs are the same, the MSC/VLR passes the authentication and sends a CIPHER MODE COMMAND message to start the encryption flow. If the SRESs are not the same, the MSC/VLR denies the authentication and sends an Authentication reject message to the MS. On receiving the message, the MS stops accessing the network and adds the network to the list of unauthorized networks.
The MS uses the A5 encryption algorithm to perform encryption calculation by using the encryption mode (M), encryption key (Kc), and TDMA frame number, and then sends a CIPHER MODE COMPLETE message to the BSC. The BSC uses the A5 encryption algorithm to decrypt and restore the message. If there is no error, the BSC forwards the CIPHER MODE COMPLETE message to the MSC/VLR. At this point, the network access of the MS is complete.
No comments:
Post a Comment