HRPD network access authentication method based on CAVE algorithm
(19) AUSTRALIAN PATENT OFFICE
(54) Title: HRPD network access authentication method based on CAVE algorithm
(51) International Patent Classification(s): H04B 7/26 (2006.01)
PCT/KR2004/002489
(21) Application No: 2004306046
(22) Application Date: 2004.09.24
(87) WIPO No: WO05/032013
(30) Priority Data: (31) Number / (32) Date / (33) Country: 2004100050628, 2004.02.16, CN; 03160121.9, 2003.09.26, CN
(43) Publication Date: 2005.04.07
(71) Applicant(s): Samsung Electronics Co., Ltd.; Beijing Samsung Telecom R&D Center
(72) Inventor(s): Liu, Weimin
(74) Agent/Attorney: Griffith Hack, 509 St Kilda Road, Melbourne, VIC, 3004
Application No. AU2004306046 A1

Abstract

A HRPD network access authentication method based on the CAVE algorithm is provided. An AT (Access Terminal) generates the random number "RAND" needed for the calculation of AUTH1 from the "Random text" included in the CHAP Challenge message. A UIM (User Identity Module) card works out AUTH1 using the random number "RAND" and the SSD_A (Shared Secret Data A) held in the UIM card. The AT carries AUTH1 in the Result field of the CHAP Response message.
An AN-AAA (Access Network Authentication, Authorization, and Accounting server) generates the same random number "RAND" needed for the calculation of AUTH2 from the "Random text" included in the RADIUS Access Request message. The AN-AAA works out AUTH2 using the random number "RAND". The two results AUTH1 and AUTH2 are compared. If the results are the same, the authentication of the AT passes; otherwise, AT access is rejected.

Claims

1. A HRPD (High Rate Packet Data) network access authentication method based on the CAVE algorithm, comprising the following steps:
  generating, by an AT (access terminal), a random number "RAND" necessary for the CAVE algorithm by using the CHAP challenge message;
  generating, by a UIM card which includes the CAVE algorithm, an AUTH1 that the UIM works out by the CAVE algorithm using said random number "RAND" and an SSD in the UIM card;
  sending, by the AT, the AUTH1 by using a CHAP response message;
  generating, by an AN-AAA which includes the CAVE algorithm, the random number "RAND" by using an access request message;
  generating, by the AN-AAA, an AUTH2 by using said random number "RAND" and an SSD; and
  comparing the two results AUTH1 and AUTH2, and if they are the same, the authentication of the AT passes.

2. The method as defined in Claim 1, wherein the SSD used in the UIM card can be used in CDMA2000 1x network access authentication.

3. The method as defined in Claim 1, wherein the SSD necessary for the CAVE algorithm in the AN-AAA originates from a CDMA2000 1x network authentication center.

4. The method as defined in Claim 1, wherein the random number RAND is obtained from a "Random text" included in the CHAP challenge message or access request message.

5. The method as defined in Claim 3, wherein the AN-AAA operates as a VLR of the CDMA2000 1x network when it needs to get the SSD from the CDMA2000 1x network authentication center.

6. The method as defined in Claim 1, wherein the CHAP Response message includes such parameter fields as the NAI (Network Access Identifier), a Random text and the AUTH1, in which a Result field is used for storing the AUTH1 that the UIM works out by the CAVE algorithm.

7. The method as defined in Claim 1, wherein the CHAP response message includes the parameter field NAI (Network Access Identifier), which is constructed by combining the IMSI in the UIM card and a domain name in the AT.

8. The method as defined in Claim 1, wherein an Access Request message includes such parameter fields as the NAI (Network Access Identifier), the Random text and the AUTH1, in which a Result field is used for storing the AUTH1 that the UIM card works out by the CAVE algorithm.

9. The method as defined in Claim 1, wherein the method adopted by the AN-AAA for calculating an AUTH2 is the same as the one adopted by the UIM card for calculating the AUTH1.

10. The method as defined in Claim 1, further comprising the step of determining, by the AN-AAA, whether the access terminal uses the CAVE algorithm.

11. The method as defined in Claim 10, wherein the terminal is identified according to a NAI (Network Access Identifier).

12. The method as defined in Claim 10, wherein the AN-AAA performs no processing on the parameters included in the Access Request message, works out a result by the MD5 algorithm, and then compares this result with the result sent by the AT, and if they are the same, the authentication passes; otherwise, the AN-AAA processes the parameters included in the Access Request message, works out a result based on the CAVE algorithm, and compares this result with the result sent by the AT, and if they are the same, the authentication passes; otherwise, the AT is denied access.

13. The method as defined in Claim 10, wherein the AN-AAA first processes the parameters included in the Access Request message, works out a result by the CAVE algorithm, and then compares this result with the result sent by the AT, and if they are the same, the authentication passes; otherwise, the AN-AAA works out a result by the MD5 algorithm using the original parameters included in the Access Request message, and then compares this result with the result sent by the AT, and if they are the same, the authentication passes; otherwise, the AT is denied access to the network.

14. A HRPD (High Rate Packet Data) network access authentication method based on the CAVE algorithm, comprising the following steps:
  receiving, by a cdma2000 1x and HRPD HAT (hybrid access terminal) including a removable UIM (user identity module), a CHAP challenge message from the HRPD system;
  generating, by the removable UIM card which includes the CAVE algorithm, an AUTH1 that the UIM works out by the CAVE algorithm using the CHAP challenge message and an SSD in the removable UIM card;
  sending, by the HAT, the result of the CAVE algorithm (AUTH1) together with the NAI (Network Access Identifier) by using a CHAP response message to the HRPD system;
  transmitting, by the HRPD system, the AUTH1 and NAI by using an access request message;
  generating, by an AN-AAA which includes the CAVE algorithm, an AUTH2 by using the access request message and an SSD; and
  transmitting an access accept message to the HRPD system when the two results AUTH1 and AUTH2 are identical.

15. The method as defined in Claim 14, wherein the SSD used in the UIM card can be used in CDMA2000 1x network access authentication.

16. The method as defined in Claim 14, wherein the SSD necessary for the CAVE algorithm in the AN-AAA originates from a CDMA2000 1x network authentication center.

17. The method as defined in Claim 14, wherein the CHAP challenge message and the access request message include a random text, and the random number "RAND" is obtained from the random text.

18. The method as defined in Claim 16, wherein the AN-AAA operates as a VLR of the CDMA2000 1x network when it communicates with the CDMA2000 1x network authentication center.

19. The method as defined in Claim 14, wherein the CHAP Response message includes such parameter fields as the NAI (Network Access Identifier), a Random text and the AUTH1, in which a Result field is used for storing the AUTH1 that the UIM works out by the CAVE algorithm.

20. The method as defined in Claim 14, wherein the CHAP response message includes the parameter field NAI (Network Access Identifier), which is constructed by combining the IMSI in the UIM card and a domain name in the AT.

21. The method as defined in Claim 14, wherein an Access Request message includes such parameter fields as the NAI (Network Access Identifier), a random text and the AUTH1, in which a Result field is used for storing the AUTH1 that the UIM card works out by the CAVE algorithm.

22. The method as defined in Claim 14, wherein the method adopted by the AN-AAA for calculating an AUTH2 is the same as the one adopted by the UIM card for calculating the AUTH1.

23. The method as defined in Claim 14, further comprising the step of determining, at the AN-AAA, whether the HAT uses the CAVE algorithm.

24. The method as defined in Claim 23, wherein the terminal is identified according to a NAI (Network Access Identifier).

25. A method for operating during authentication in a hybrid access terminal (HAT) which can operate in CDMA2000 1x and high rate packet data (HRPD), comprising the steps of:
  upon receipt of an SSD update message from the CDMA2000 1x network, updating the SSD stored in a removable UIM (user identity module) included in the HAT;
  receiving a CHAP challenge message from an HRPD system;
  generating, by the removable UIM card which includes the CAVE algorithm, an AUTH1 that the UIM works out by the CAVE algorithm using the CHAP challenge message and the SSD in the removable UIM card;
  transmitting, by the HAT, the result of the CAVE algorithm (AUTH1) together with the NAI (Network Access Identifier) by using a CHAP response message to the HRPD system; and
  receiving an access accept message from the HRPD system.

26. The method as defined in Claim 25, wherein the SSD used in the UIM card can be used in CDMA2000 1x network access authentication.

27. The method as defined in Claim 25, wherein the CHAP challenge message and the access request message include a random text, and the random number "RAND" is obtained from the random text.

28. The method as defined in Claim 25, wherein the CHAP response message includes the parameter field NAI (Network Access Identifier), which is constructed by combining the IMSI in the UIM card and a domain name in the AT.

29. The method as defined in Claim 25, wherein the CHAP Response message includes such parameter fields as the NAI (Network Access Identifier) and the AUTH1, in which a Result field is used for storing the AUTH1 that the UIM works out by the CAVE algorithm.
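The exchange described in the abstract and the MD5-first, CAVE-second decision of claim 12, simulated end to end as an added example (not code from the patent or from Samsung). The CAVE function is a labelled stand-in, not the real algorithm; the 4-byte RAND derivation, the sample NAIs, SSD values and legacy password are all constructed assumptions.

```python
import hashlib
import hmac

def derive_rand(random_text: bytes) -> bytes:
    # RAND is taken from the CHAP "Random text" (claim 4); the patent does not
    # fix the mapping, so this example assumes the first 4 bytes (32-bit RAND).
    return random_text[:4]

def cave_stub(rand: bytes, ssd_a: bytes) -> bytes:
    # Stand-in for the CAVE computation performed by the UIM card and the AN-AAA.
    # NOT the real CAVE algorithm: HMAC-SHA256 over RAND, truncated to 3 bytes.
    return hmac.new(ssd_a, rand, hashlib.sha256).digest()[:3]

def chap_md5(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    # Standard CHAP response (RFC 1994): MD5(Identifier || secret || Challenge).
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def at_chap_response(imsi: str, domain: str, chap_id: int, random_text: bytes,
                     ssd_a: bytes = None, legacy_password: bytes = None) -> dict:
    # AT side. NAI = IMSI@domain (claim 7). A CAVE-capable UIM card returns AUTH1
    # in the Result field; a legacy AT answers with plain MD5 CHAP instead.
    if ssd_a is not None:
        result = cave_stub(derive_rand(random_text), ssd_a)        # AUTH1
    else:
        result = chap_md5(chap_id, legacy_password, random_text)
    return {"nai": f"{imsi}@{domain}", "id": chap_id,
            "random_text": random_text, "result": result}

def an_aaa_authenticate(req: dict, ssd_db: dict, password_db: dict) -> bool:
    # AN-AAA side, in the claim-12 order: MD5 over the raw Access Request
    # parameters first, then CAVE with the SSD obtained from the CDMA2000 1x
    # authentication center (claim 3). Comparisons are constant-time.
    nai, sent = req["nai"], req["result"]
    password = password_db.get(nai)
    if password is not None:
        expected = chap_md5(req["id"], password, req["random_text"])
        if hmac.compare_digest(expected, sent):
            return True
    ssd_a = ssd_db.get(nai)
    if ssd_a is None:
        return False                      # unknown NAI: reject
    auth2 = cave_stub(derive_rand(req["random_text"]), ssd_a)
    return hmac.compare_digest(auth2, sent)

# Constructed sample databases (hypothetical values, not from the patent).
SSD_DB = {"460030912345678@hrpd.example": bytes.fromhex("00112233445566778899aabbccddeeff")}
PASSWORD_DB = {"legacy-user@hrpd.example": b"legacy-secret"}
```

Swapping the two branches in `an_aaa_authenticate` gives the claim-13 order; either way the AN-AAA derives RAND from the same Random text the AT used, so the two sides never exchange RAND itself.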