
Cross-protocol authentication

IP.com Disclosure Number: IPCOM000126030D
Original Publication Date: 2005-Jun-29
Included in the Prior Art Database: 2005-Jun-29
Document File: 6 page(s) / 1M

Publishing Venue

Motorola

Abstract

One can convert the authentication parameters of the first protocol of a first system to authentication parameters of a second protocol of a second system in such a way that the conversion is transparent to the second system. Thus, a Mobile Station (MS) that has roamed from the first to the second system can use the authentication messages of the second protocol together with the authentication parameters and the authentication algorithm of the first protocol.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 24% of the total text.

Cross-protocol authentication

Jheroen P. Dorenbosch, Motorola, Inc.


Mobile Stations may roam between wireless systems that use different protocols.  In particular, the wireless systems may use different authentication methods.  The methods may have differences in the sizes of the fields that are used to carry the authentication challenge, the authentication response and the encryption keys.  The methods may also use different authentication algorithms. 

There is a standardized solution to support roaming between GSM and CDMA. This standard, TIA:IS-J-STD-038-B, requires that the MS support two different authentication algorithms (A3 and CAVE). Each algorithm requires its own shared secret. It also requires separate key storage in the infrastructure for each algorithm: the CDMA Authentication Center (AUC) and the GSM Interoperability Function (IIF).

US patent 6,584,310 B1 describes an alternative approach that allows for cross-protocol authentication between GSM and IS-41. In this article, we discuss variations on this approach. We also point out that the same approach can be applied to a wider range of protocols. For example, the approach can be used to cross-authenticate between iDEN and CDMA.

Figure 1 shows how a CDMA AUC generates a standard CDMA triplet. The AUC shares a secret key with the MS that needs to be authenticated. The AUC uses a random challenge and the shared secret to compute a response and an encryption key (steps 1 and 2 in Figure 1). The AUC packages the challenge, response and encryption key into a triplet and sends the triplet to the CDMA Mobile Switching Center (MSC) (step 3). When the MSC receives the triplet, it forwards the challenge to the MS (step 4) and retains the response and the encryption key. The MS uses the challenge and its copy of the shared secret to generate its response and encryption key (step 5 in Figure 1). The MS returns its response to the MSC (step 6), which compares the MS’s response with the retained response (step 7). If the two responses are the same, the MS can be assumed to know the shared secret and is considered authenticated.
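The triplet exchange of steps 1 to 7 above, as an added example that is not part of the original disclosure. HMAC-SHA256 stands in for the authentication algorithm (it is not CAVE or A3), and the field sizes, function names and secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Field sizes are assumptions for this sketch; each real protocol fixes its own.
CHALLENGE_LEN, RESPONSE_LEN, KEY_LEN = 16, 8, 16

def derive(secret, challenge):
    """Stand-in for the authentication algorithm (HMAC-SHA256, not CAVE or A3)."""
    def prf(label, n):
        return hmac.new(secret, label + challenge, hashlib.sha256).digest()[:n]
    return prf(b"response", RESPONSE_LEN), prf(b"enc-key", KEY_LEN)

@dataclass(frozen=True)
class Triplet:
    challenge: bytes
    response: bytes
    enc_key: bytes

def auc_make_triplet(shared_secret):
    """AUC side: steps 1-3."""
    challenge = secrets.token_bytes(CHALLENGE_LEN)        # step 1: random challenge
    response, enc_key = derive(shared_secret, challenge)  # step 2: response and key
    return Triplet(challenge, response, enc_key)          # step 3: sent to the MSC

class MobileStation:
    def __init__(self, shared_secret):
        self.shared_secret = shared_secret
        self.enc_key = None

    def answer(self, challenge):
        """MS side: step 5 (compute) and step 6 (return only the response)."""
        response, self.enc_key = derive(self.shared_secret, challenge)
        return response

def msc_authenticate(triplet, ms):
    """MSC side: step 4 forwards only the challenge; step 7 compares responses."""
    ms_response = ms.answer(triplet.challenge)
    ok = hmac.compare_digest(ms_response, triplet.response)  # constant-time compare
    return ok, (triplet.enc_key if ok else None)

def demo():
    secret = b"constructed-shared-secret"  # constructed sample value
    genuine, impostor = MobileStation(secret), MobileStation(b"guessed-secret")
    ok, msc_key = msc_authenticate(auc_make_triplet(secret), genuine)
    bad, no_key = msc_authenticate(auc_make_triplet(secret), impostor)
    return ok, msc_key == genuine.enc_key, bad, no_key

if __name__ == "__main__":
    print(demo())
```

The shared secret never leaves the AUC or the MS; the MSC sees only the triplet, and the MS sees only the challenge.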

Similarly to what is disclosed in US patent 6,584,310 B1, one can let an entity in a first or second system convert the authentication parameters of the first protocol of the first system to authentication parameters of a second protocol of the second system in such a way that the parameters can be used in the second system that is transparent to the second system’s inf...