摘要 |
A first network device (MME) of a first communication network obtains a challenge (RAND), generates a first PFS parameter (PFS1), obtains a first verification code (VC1A) for the first PFS parameter (PFS1), and sends the challenge (RAND), the first PFS parameter (PFS1) and the first verification code (VC1A) to a communication device(ME), which in turn receives the challenge (RAND), the first PFS parameter (PFS1) and the first verification code (VC1A), forwards the challenge or a derivative thereof to an identity module (USIM), receives at least one result parameter (CK/IK, RES) as response from the identity module (USIM),determines, based on the result parameter (CK/IK, RES), whether the first PFS parameter (PFS1) is authentic, and if the determination is positive generates and sends the second PFS parameter (PFS2) to the first network device, which in turn verifies the second PFS parameter (PFS2). |