Specifications
Interface Protocols
Operating Characteristics
3-18 68P81095E55-E August 08, 2000
Authentication
Authentication is the process between the MS and the iDEN system that identifies
the MS and permits access to the system and the provisioned services.
MSs are authenticated using a signature number. During initial registration, the MS
identifies itself with a IMEI and an authentication algorithm (Ki). The HLRs use the
MSs signature algorithm to generate a set of 32 signature numbers from a set of 32
random numbers. Both number sets are transferred to a lookup table in the VLRs.
During authentication the mobile sends an ID to the VLRs. The ID is one of:
• International Mobile Equipment Identifier (IMEI) — at initial registration
• International Mobile Subscriber Identifier (IMSI) — ongoing registrations
• Temporary Mobile Subscriber Identifier (TMSI) — for interconnect calls
• Internet Protocol (IP) address — for Packet Data Networking
The VLRs sends one of the random numbers to the mobile. The mobile runs the
signature generator and obtains a signature number. The MS returns signature to the
VLR where it is compared the expected signature in the lookup table. Services are
allowed or denied depending on the results of the comparison (Figure 3-15).
Figure 3-15 Mobile Station Authentication Process
When the MS powers up, it attempts to register with the system. During this initial
registration, the MS:
1) Sends its IMEI to the iDEN FNE
2) Receives an IMSI assigned by the DAP/MSC
3) Receives the essential operating parameters
These parameters are downloaded over-the-air to the MS and allow system access
over one of the Primary Control Channels for the provider.
Authentication Center
HLR
(MSC & DAP)
Algorithm
Signature
Response
Ki
Transmitted
Transmited
MS
Algorithm
Signature
Response
(1 of 32)
Access
OK
No
Access
Signature
OK?
Ki
Random
Number
(1 of 32)
Yes
No
Pre-
programmed
Input on
activation
Authentication Request
and Random number
Signature Response
Compare
Signatures
T. N. French