TSB-87-1018-1997
Cellular Digital Packet Data System Specification - Part 1018 Authentication Services

Standard No.
TSB-87-1018-1997
Release Date
1997
Published By
TIA - Telecommunications Industry Association
Scope
Introduction

This Part defines the services needed for supporting authentication of a Mobile End System (M-ES) by the Cellular Digital Packet Data (CDPD) Network. This Part specifies the data communication protocols to be used by the home MD-IS to verify the M-ES's credentials. This Part does not directly impact CDPD subscribers or M-ES manufacturers. This Part assumes that the reader is familiar with CDPD in general, as presented in [IS-732-100]. [IS-732-100] provides a comprehensive glossary of CDPD terms.

This Part supports authentication of an M-ES Network Entity Identifier (NEI) by the CDPD Network. The serving MD-IS, the home MD-IS and the Authentication Server participate in the authentication of an M-ES NEI. The authentication procedures involve verification of the Authentication Sequence Number (ASN) and assignment of the Authentication Random Number (ARN). These procedures and protocols are described in [IS-732-406].

Authentication of an M-ES by the CDPD Network involves the following steps:

a. Serving MD-IS and the M-ES exchange secret keys to be used for encryption and decryption of data transmitted across the airlink
b. Serving MD-IS and the M-ES encrypt and decrypt data transmitted across the airlink
c. M-ES presents its credentials (one or more [NEI, ASN, ARN] triplets) to the serving MD-IS
d. Serving MD-IS forwards the M-ES's credentials to the home MD-IS
e. Home MD-IS verifies correctness of the credentials through a verification request to the Authentication Server
f. The Authentication Server validates or rejects the credentials, optionally generates new credentials for future use, and communicates the results to the home MD-IS
g. The home MD-IS then forwards the Authentication Results to the serving MD-IS
h. The serving MD-IS then forwards the Authentication Results to the M-ES

This Part focuses on steps (e) and (f) of the M-ES authentication process. Steps (a) to (c) and step (h) are defined in [IS-732-406] and [IS-732-507]. Steps (d) and (g) are defined in [IS-732-501].

When a CDPD NEI Authentication Service User (CNA-SU) (1) is in a different open system from a CDPD NEI Authentication Server (CNA-SP) (2) with which it is interacting, these interactions are supported by the CDPD NEI Authentication Protocol (CNA-P), which is an OSI application layer protocol. When the NEI Authentication Server is part of a home MD-IS, use of the protocol specified in this Part is not required. Use of this protocol is only required if the home MD-IS and the Authentication Server are in different open systems and the service provider desires an open interface (that is compliant with this Part) between these open systems.

Depending on the security policy of a service provider, in addition to authentication services, none, part or all of the access control policies can be implemented in the Authentication Server. Although this Part only focuses on Authentication Services, it does not preclude implementation of access control in the Authentication Server.

(1) CNA-SU is part of the home MD-IS.
(2) CNA-SP is the Authentication Server.