LTE: Authentication Response

Ø   The UE processes the authentication challenge data received in AUTHENTICATION REQUEST message (RAND and AUTNand responds with an AUTHENTICATION RESPONSE message in order to deliver a calculated authentication response RES to the network
Ø    In an EPS authentication challenge, the response calculated in the USIM (RES) is minimum 4 octets and may be up to 16 octets in lengthThe RES is included in the IE Authentication response parameter in the AUTHENTICATION RESPONSE message
Ø       Upon receipt of an AUTHENTICATION RESPONSE message the MME compares the received RES value with the XRES (Expected Response) value. If RES == XRES, then the network considers that the UE has successfully authenticated itself to the network
Ø     If the AUTHENTICATION RESPONSE returned by the UE is not valid (RES != XRES), the network response depends upon the type of identity used by the UE in the initial NAS message (if GUTI was used or IMSI was used) as explained below:
·           If the GUTI was used, the network should initiate an identification procedure. If the IMSI given by the UE during the identification procedure differs from the IMSI the network had associated with the GUTI, the authentication should be restarted with the correct parameters. Otherwise, if the IMSI provided by the UE is the same as the IMSI stored in the network (i.e. authentication has really failed), the network should sends AUTHENTICATION REJECT message to the UE
·           If the IMSI was used for identification in the initial NAS message, or the network decides not to initiate the identification procedure after an unsuccessful authentication procedure, the network should send an AUTHENTICATION REJECT message to the UE
Reference: 3GPP TS 24.301
Example: AUTHENTICATION RESPONSE

1 comment: