In an effort to prevent illegal "cloning," networks "authenticate" each mobile as it enters service and at other random times as it migrates through the network. Prior to the implementation of authentication in the late 1990s, cloned mobiles absorbed perhaps as much as 25 to 35 percent of some networks' airtime (depending on location). Loss of airtime to fraudulent users may be only a soft loss (the network does not incur any direct billable costs due to other corporations). It does, however, still deplete network capacity, preventing valid "paying" customers from making and receiving calls. In addition to soft losses, many of the cloned users were placing long distance calls, often outside the US, thereby inflicting hard losses on networks. This form of fraud was all but eliminated by the implementation of the TR-45 authentication process.

The TR 45 standard authentication process involves an authentication key (A-key) number stored in the mobile and in the network, Shared Secret Data (SSD) and an authentication algorithm known as the CAVE (Cellular Authentication/Voice Encryption) algorithm. In this process, the network may either order the mobile to update the SSD information, or it may issue a "unique challenge" to the mobile. In both cases, a random seed number is sent to the mobile, which then injects this random number into the CAVE algorithm along with the SSD, which it generated locally using the A-key (neither the SSD nor the A-key is transmitted over the air), and generates a result. This result is sent back...