7.3.3 Authentication of Subscriber
23.1193GPPGateway Location Register (GLR)Release 17Stage 2TS
Authentication procedures already defined in GSM shall be used, with the distinction that the procedures are executed from the SGSN. Additionally, the authentication procedure performs the selection of the ciphering algorithm and the synchronisation for the start of ciphering. Authentication triplets are stored in the SGSN. The MSC/VLR shall not authenticate the MS via the SGSN upon IMSI attach, nor location update, but may authenticate the MS during CS connection establishment. Security-related network functions are described in TS 33.102 [12].
The Authentication procedure is illustrated in Figure 7.3/11. Each step is explained in the following list.
Figure 7.3/11: Authentication Procedure
1) If the SGSN does not have previously stored authentication triplets, a Send Authentication Info (IMSI) is sent to the GLR, which the GLR sends to the HLR without modification at the application layer. The HLR responds with Send Authentication Info Ack (Authentication Triplets). Each Authentication Triplet includes RAND, SRES and Kc.
2) The SGSN sends Authentication Request (RAND, CKSN, and Ciphering Algorithm). The MS responds with Authentication Response (SRES).
The MS starts ciphering after sending the Authentication Response message. The SGSN starts ciphering when a valid Authentication Response is received from the MS.