Pix you said
– it’s up to the network to require authentication. If the MSC doesn’t ask the authentication request, then the MS won’t get authentified.
– The ciphering is done few messages after : ciphering mode command, ciphering mode confirm, where the MS and the NSS exchange cipher key.
That is fine provided network operator uses ciphering. What about countries where ciphering not implemented… Would auth be required each time or if not are you saying operator solely rely on IMSI request per call?