Homepage of the Communication Systems Department (Lehrgebiet Kommunikationssysteme)

1.5 Distributed Databases

In the typical signalling protocol between a user and the network presented above, we proceeded as if all information required for the authentication and encryption processes resided in one place in the network. In reality, the data are physically distributed over several databases. Messages, information and parameters are exchanged between these distributed databases according to strictly defined protocol sequences.

To illustrate the principle of distributed databases, we describe here the process that takes place when a user accesses a network that is not his home network. A user can access the network from anywhere with his IMSI. The VLR of the visited radio network requests the necessary data from the home location register (HLR) and receives sets of random bit strings RAND, the associated responses SRES and session keys Kc, which it stores for the duration of the visit. The VLR assigns the user a temporary identity TMSI1, which is transmitted to him encrypted. The animation shows the message sequence in a highly simplified form; this also applies to the message sequences between the databases (HLR-VLR and VLR-VLR), which belong to SS7. When the user moves to another location area that also belongs to the "foreign" network, he can authenticate himself with his pseudonym TMSI1 and the LAI of the previous location area. The VLR responsible for the new location area, VLR2, requests the required data (RAND, SRES, Kc) from the issuer of the pseudonym TMSI1, namely VLR1. VLR2 then generates a new pseudonym TMSI2 for the user and sends it to him encrypted with Kc.

Note that when the user is outside his home network, the visited network requests sets of (RAND, SRES, Kc) from the home network; this allows the visited network to communicate with the handset without ever gaining access to the algorithms A3 and A8. As the SIMs and their contents (including A3 and A8) are controlled by the respective network operators, this structure leaves room for national and business policy enforcement. The algorithm A5, on the other hand, has to be supported by all networks and end devices in order to interoperate properly.
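The triplet hand-over and TMSI re-allocation described above, as an added Python example that is not part of the original course page: the home network keeps Ki and the algorithms A3/A8, a visited VLR only ever receives (RAND, SRES, Kc) sets, and a second VLR fetches the remaining sets from the VLR that issued the TMSI. The HMAC-based stand-ins for A3/A8, the XOR stand-in for A5, the routing table VLRS (standing in for SS7) and the sample IMSI are all constructed assumptions, not GSM's real algorithms.

```python
import os, hmac, hashlib
# Constructed stand-ins for the operator-secret algorithms A3 (SRES) and A8 (Kc);
# real GSM uses operator-chosen algorithms on SIM and AuC. HMAC-SHA256 here and the
# XOR keystream standing in for A5 are assumptions for illustration only.
def a3(ki, rand): return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]
def a8(ki, rand): return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]
def a5(kc, data):  # shared by every network and handset, so it cannot be a secret
    return bytes(d ^ k for d, k in zip(data, hashlib.sha256(b"A5" + kc).digest()))

class SIM:  # Ki lives only here and in the home network's HLR/AuC
    def __init__(self, imsi, ki): self.imsi, self.ki, self.kc = imsi, ki, None
    def respond(self, rand):  # challenge: derive Kc and SRES from RAND with Ki
        self.kc = a8(self.ki, rand)
        return a3(self.ki, rand)

class HLR:
    def __init__(self): self.ki = {}  # IMSI -> Ki
    def triplets(self, imsi, n=3):  # (RAND, SRES, Kc) sets handed to a visited VLR
        rands = [os.urandom(16) for _ in range(n)]
        return [(r, a3(self.ki[imsi], r), a8(self.ki[imsi], r)) for r in rands]

VLRS = {}  # LAI -> VLR; stands in for SS7 routing between registers (constructed)
class VLR:
    def __init__(self, lai, hlr):
        self.hlr, self.store = hlr, {}  # store: TMSI -> (IMSI, unused triplets)
        VLRS[lai] = self
    def _auth_and_reallocate(self, sim, imsi, triplets):
        rand, sres, kc = triplets.pop(0)  # each triplet is used exactly once
        if not hmac.compare_digest(sres, sim.respond(rand)):
            raise PermissionError("SRES mismatch")
        tmsi = os.urandom(4)
        self.store[tmsi] = (imsi, triplets)
        return a5(kc, tmsi)  # new TMSI goes over the air encrypted under Kc
    def attach_imsi(self, sim):  # first contact in the visited network: IMSI sent
        return self._auth_and_reallocate(sim, sim.imsi, self.hlr.triplets(sim.imsi))
    def attach_tmsi(self, sim, tmsi, old_lai):  # later: TMSI plus LAI of old area
        imsi, triplets = VLRS[old_lai].store.pop(tmsi)  # fetched from issuing VLR
        return self._auth_and_reallocate(sim, imsi, triplets)

def roam_demo():
    hlr, ki = HLR(), os.urandom(16)
    sim = SIM("262019999999999", ki)  # constructed sample IMSI
    hlr.ki[sim.imsi] = ki
    vlr1, vlr2 = VLR("LAI-1", hlr), VLR("LAI-2", hlr)
    enc1 = vlr1.attach_imsi(sim)
    tmsi1 = a5(sim.kc, enc1)  # handset decrypts with the Kc it derived itself
    enc2 = vlr2.attach_tmsi(sim, tmsi1, "LAI-1")
    tmsi2 = a5(sim.kc, enc2)
    return {"tmsi1": tmsi1, "tmsi2": tmsi2, "vlr1": vlr1, "vlr2": vlr2}
```

Neither VLR object ever holds Ki or calls a3/a8 itself; it only consumes the sets it was given, which is the point the text makes about A3 and A8 staying under the home operator's control.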

Animation 1.5-1: Distributed Databases