APPARATUS AND METHOD FOR PERFORMING AN AUTHENTICATION PROCESS IN A MOBILE COMMUNICATION SYSTEM

摘要

PURPOSE: An apparatus for performing authentication in a mobile communication system and a method thereof are provided to enable an authentication process in an EPS(Evolved Packet System) in case of HSS(Home Subscriber Server) overload, thereby stably providing the service to a UE(User Equipment). CONSTITUTION: A MME(Mobility Management Entity)(220) detects HSS(230) overload in step 211. The MME transmits a common default subscription data request message to an AC(Authentication Center)(240) in step 213. The AC transmits a common default subscription data response message as a response message to the common default subscription data request message in step 215. The MME switches from an operation mode to an overload mode in step 217. A UE(210) transmits an attach request message to the MME in order to connect to a network in step 219. The MME transmits an alternative authentication data request message to the AC in step 221. The AC derives an alt_k as a security key using IMSI(International Mobile Subscriber Identity) of the UE included in the alternative authentication data request message and an alternative key stored in advance, and derives an XRES(Expected Response)' value using the alt_k in step 223. The AC transmits an alternative authentication data response message as a response message to the alternative authentication data request message to the MME in step 225. After receiving the alternative authentication data response message from the AC, the MME transmits a user authentication request message for requesting a user authentication to the UE in step 227. The UE derives an alt_k and RES(Response)' value using the alternative key stored in advance in step 229. The UE transmits a user authentication response message as a response message to the user authentication request message to the MME in step 231. The MME checks whether the RES' value included in the user authentication response message is the same with the XRES' value included in the alternative authentication data response message in step 233. The MME transmits an attach reject message to the UE when the said values are not identical in step 235. The MME transmits an attach accept message to the UE when the said values are identical in step 237. [Reference numerals] (211) Detecting the occurrence of overload in an HSS; (213) Common default subscription data request message; (215) Common default subscription data response message(common default subscription data); (217) Shifting to an HSS overload mode; (219) Attach request message(IMSI, alt_key_capable); (221) Alternative authentication data request message(IMSI); (223) Drawing alt_k and an XRES' value; (225) Alternative authentication data response message(alt_k,XRES' value,RAND,AUTN); (227) User authentication request message(RAND,AUTN,alt_key_usage); (229) Drawing alt_k and an RES' value; (231) User authentication response message(RES' value); (233) RES' value is equal to the XRES' value?; (235) Attach reject message; (237) Attach accept message; (239) Providing a service; (241) Detach request message(IMSI); (243) Detach accept message(IMSI); (AA) No; (BB) Yes;