TIA-1070
Interoperability Specification (IOS) for Hybrid Mobile Station/Access Terminal (HAT) Authentication, Using the CAVE Algorithm
| Organization: | TIA |
| Publication Date: | 1 August 2006 |
| Status: | inactive |
| Page Count: | 20 |
Scope:
High Rate Packet Data (HRPD) network access authentication is described in [1] and [2]. This document provides alternative procedures that allow a properly configured Hybrid Mobile Station/Access Terminal (HAT) to use its cdma2000®¹ 1x access network authentication credentials and the Cellular Authentication and Voice Encryption (CAVE) algorithm (refer to [6]) when accessing an HRPD network that requires HRPD network access authentication.
Because HRPD network access authentication is optional, it may not be invoked by every HRPD network. If it is invoked by an HRPD network, the network initiates the Challenge Handshake Authentication Protocol (CHAP) [8]. In an HRPD network that complies with [2], CHAP is used between the Access Network (AN) and the HAT. In an HRPD network that complies with [1], CHAP is used between the Packet Control Function (PCF) and the HAT. CHAP specifies that the AN/PCF sends a CHAP Challenge message to the HAT, and the HAT returns a CHAP Response message to the AN/PCF. After receiving the CHAP Response message, the AN/PCF sends both its challenge and the HAT's response to its Access Network-Authenticati
For this feature of authenticating the HAT by using its cdma2000 1x access network authentication credentials and the CAVE algorithm, the HAT treats the challenge in the CHAP Challenge message as a global random challenge (refer to [3], [4] and [5]). When the CHAP Challenge message is received, the HAT uses the challenge as input to the Run CAVE function on its Removable User Identity Module (RUIM) (refer to [3], [4] and [5]) and places the result in the CHAP Response message.
When the home AN-AAA receives the HRPD network access authentication request from the AN/PCF (refer to [1] and [2]), it determines whether the HAT used cdma2000 1x access network authentication credentials and the CAVE algorithm to create its CHAP Response. If the HAT did so, the home AN-AAA authenticates the HAT using the HAT's cdma2000 1x access network authentication credentials and the CAVE algorithm. If the home AN-AAA cannot authenticate the HAT independently, it communicates with the Home Location Register / Authentication Center (HLR/AC) to authenticate the HAT.
¹ cdma2000® is the trademark for the technical nomenclature for certain specifications and standards of the Organizational Partners (OPs) of 3GPP2. Geographically (and as of the date of publication), cdma2000® is a registered trademark of the Telecommunications Industry Association (TIA-USA) in the United States.