Overview#Authentication Center (AuC) is a Global System for Mobile Communications component to authenticate each SIM card that attempts to connect to the GSM core network (typically when the Mobile Station is powered on).
If the authentication fails, then no services are possible from that particular combination of SIM card and Mobile Network Operators attempted. There is an additional form of identification check performed on the IMEI of the mobile Device described in the EIR section below, but this is not relevant to the AuC processing.
Proper implementation of security in and around the AuC is a key part of an operator's strategy to avoid SIM cloning.
The AuC does not engage directly in the authentication process, but instead generates data known as triplets for the MSC to use during the procedure. The security of the process depends upon a shared secret between the AuC and the SIM called the Ki. The Ki is securely burned into the SIM during manufacture and is also securely replicated onto the AuC. This Ki is never transmitted between the AuC and SIM, but is combined with the IMSI to produce a challenge/response for identification purposes and an encryption key called Kc for use in over the air communications.