The GSM Authentication procedure performs subscriber authentication, or selection of the ciphering algorithm, or both. In A/Gb mode it performs in addition the synchronisation of the start of ciphering. Authentication triplets are stored in the SGSN. The MSC/VLR shall not authenticate the MS via the SGSN upon IMSI attach, nor location update, but may authenticate the MS during CS connection establishment. Security-related network functions are described in TS 43.020
The GSM Authentication procedure is illustrated in Figure 27.
If the SGSN does not have a previously stored authentication vector, a Send Authentication Info (IMSI) message is sent to the HLR. The HLR responds with a Send Authentication Info Ack (Authentication Triplets or quintets) message.
The SGSN sends an Authentication and Ciphering Request (RAND, CKSN, Ciphering Algorithm) message to the MS. The MS responds with an Authentication and Ciphering Response (SRES) message.
In A/Gb mode, the MS starts ciphering after sending the Authentication and Ciphering Response message as described in clause "Start of Ciphering".
Change of the ciphering algorithm during PS Handover procedure is described in TS 43.129
In Iu mode, the SGSN and the MS shall generate the UMTS CK and IK from the GSM Kc using the standardised conversion functions specified for this purpose in TS 33.102
In Iu mode, the start of ciphering is controlled by the security mode procedure described in TS 33.102
If the SGSN cannot determine the HLR address to establish the Send Authentication Info dialogue, the GSM Authentication of Procedure fails.