In Mobility Management
Authentication serves two purposes: mutual verification of both the network and the UE, and the allocation of keys for ciphering and integrity. The procedure is initiated by the network with an AUTHENTICATION REQUEST message to the UE, containing a RAND and an authentication parameter (AUTN). The USIM card contains a secret key, known only to the Authentication Centre (AuC) in the user's home network. Using this secret key, the USIM can check that the authentication is genuine. It then uses its secret key and the RAND to generate an expected user response (XRES) back to the network in AUTHENTICATION RESPONSE. If this response matches the network's expectation, then the UE is genuine and is authorized. The USIM also has two further algorithms that can generate the cipher and integrity keys from the same RAND and AUTN. To reduce the overhead for security, the AuC generates a set of authentication vectors, each consisting of a RAND, AUTN, XRES and the cipher and integrity keys, based on an incrementing sequence number. Subsequent authentications can just take the next vector in the series without having to go back to the AuC.
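The exchange described above, as an added example that is not part of the original page: the AuC builds a batch of vectors from an incrementing sequence number, and the USIM checks AUTN before answering. Assumptions: HMAC-SHA256 stands in for the operator's real algorithms, AUTN is simplified to a concealed sequence number plus a MAC, the USIM accepts any sequence number higher than the last one it saw, and all function and class names are hypothetical.

```python
import hmac, hashlib, os

def f(tag: bytes, k: bytes, data: bytes, n: int) -> bytes:
    """Stand-in for the key-derivation algorithms (assumption: HMAC-SHA256, truncated)."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def auc_vector(k: bytes, sqn: int, rand: bytes = None) -> dict:
    """AuC side: build one authentication vector for sequence number sqn."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = f(b"f5", k, rand, 6)              # conceals the sequence number inside AUTN
    mac = f(b"f1", k, sqn_b + rand, 8)     # proves AUTN came from a holder of the key
    return {"RAND": rand, "AUTN": xor(sqn_b, ak) + mac,
            "XRES": f(b"f2", k, rand, 8),
            "CK": f(b"f3", k, rand, 16), "IK": f(b"f4", k, rand, 16)}

class USIM:
    def __init__(self, k: bytes):
        self.k, self.highest_sqn = k, 0

    def authenticate(self, rand: bytes, autn: bytes):
        """Verify AUTN, then return (response, CK, IK); raise if the request is not genuine."""
        ak = f(b"f5", self.k, rand, 6)
        sqn_b, mac = xor(autn[:6], ak), autn[6:]
        if not hmac.compare_digest(mac, f(b"f1", self.k, sqn_b + rand, 8)):
            raise ValueError("MAC failure: AUTN was not built with this subscriber's key")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            raise ValueError("sync failure: sequence number already used (replayed vector)")
        self.highest_sqn = sqn
        return (f(b"f2", self.k, rand, 8),
                f(b"f3", self.k, rand, 16), f(b"f4", self.k, rand, 16))

def run_demo() -> list:
    k = bytes(range(16))                   # constructed test key, not a real subscriber key
    usim = USIM(k)
    vectors = [auc_vector(k, sqn) for sqn in (1, 2, 3)]  # batch handed to the serving network
    results = []
    for v in vectors + [vectors[0]]:       # the last entry replays the first vector
        try:
            res, ck, ik = usim.authenticate(v["RAND"], v["AUTN"])
            results.append(hmac.compare_digest(res, v["XRES"]) and ck == v["CK"] and ik == v["IK"])
        except ValueError as e:
            results.append(str(e).split(":")[0])
    return results

if __name__ == "__main__":
    print(run_demo())
```

The three fresh vectors authenticate and yield matching keys on both sides, while the replayed vector is rejected by the sequence number check without any call back to the AuC.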
In GPRS Mobility Management
Authentication is performed with the AUTHENTICATION AND CIPHERING REQUEST message, sent from the network to the UE. This message is similar to the CS domain request, with the same authentication parameters, RAND and AUTN. Separate ciphering and integrity keys are used for the PS domain.