Title :
An authentication technique based on distributed security management for the global mobility network
Author :
Suzuki, Shigefusa ; Nakada, Kazuhiko
Author_Institution :
NTT Network Syst. Dev. Center, Tokyo, Japan
Date :
10/1/1997 12:00:00 AM
Abstract :
This paper proposes an authentication technique for use in the global mobility network (GLOMONET), which provides a personal communication user with global roaming service. This technique is based on new distributed security management, where authentication management in roaming-service provision is conducted only by the roamed network (the visited network). The original security manager (OSM) administrates the original authentication key (OAK) acquired when a user makes contracts with the home network, while the temporary security manager (TSM) is generated for a roamer in the visited network in order to provide roaming services. The TSM generates and administrates the temporary authentication key (TAK) for a roamer, which key is confidential to the OSM, releases the TAK administration when a roamer moves to other networks, and then disappears. The proposed authentication technique consists of two phases. In the roaming-service-setup phase, triggered by the user's location registration request, authentication control to set up the roaming-service environment is negotiated by the TSM in the visited network, the OSM, and the roamer. In the roaming-service-provision phase, triggered by the user's service request, authentication control to provide the roaming service is negotiated (using the TAK acquired by the roamer in the first phase) only by the visited network and the roamer. This authentication control using the TAK provides a unified authentication procedure with a single logic to both subscribers and roamers. In addition, the security management of the whole GLOMONET is reinforced and the security responsibility is made clear by allocating the subscriber's/roamer's security administration to only the TSM.
Keywords :
distributed processing; message authentication; personal communication networks; telecommunication network management; GLOMONET; authentication control; authentication management; authentication technique; contracts; distributed security management; global mobility network; global roaming service; home network; original authentication key; original security manager; personal communication network; roaming service provision; roaming service-setup phase; roaming services; temporary authentication key; temporary security manager; Authentication; Cellular phones; Communication system security; Contracts; GSM; Helium; Home automation; Intelligent networks; Logic; Public key cryptography;
Journal_Title :
Selected Areas in Communications, IEEE Journal on