TS-GB-S.R00-0v.0
HRPD Network Access Authentication for a Hybrid Access Terminal (HAT) with an R-UIM Used to Access Spread Spectrum Systems - System Requirements
Mar,00
THE TELECOMMUNICATION TECHNOLOGY COMMITTEE
<Remarks>

Application level of English description
  Application level: E
  English description is included in the text and figures of main body, annexes and appendices.

Relationship with international recommendations and standards
  This standard is standardized based on the Technical Specification S.R00-0(Version.0) approved by GPP.

Departures from international recommendations
  Changes to original standard
    Standards referred to in the original standard, which are replaced by TTC standards.
    Standards referred to in the original standard should be replaced by derived TTC standards.

IPR
  Status of Confirmation of IPR Licensing Condition submitted is provided in the TTC web site.

Working Group
  GPP Working Group
GPP S.R00-0
Version.0
Version Date: October 00

COPYRIGHT NOTICE
GPP and its Organizational Partners claim copyright in this document and individual Organizational Partners may copyright and issue documents or standards publications in individual Organizational Partner's name based on this document. Requests for reproduction of this document should be directed to the GPP Secretariat at secretariat@gpp.org. Requests to reproduce individual Organizational Partner's documents should be directed to that Organizational Partner. See www.gpp.org for more information.
EDITOR
Robert J Marks, Samsung

REVISION HISTORY
Revision number   Content changes       Date
.0                Initial Publication   October 00
Table of Contents

TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
INTRODUCTION
REFERENCES
DEFINITIONS AND ABBREVIATIONS
GENERAL FEATURE DESCRIPTION
REQUIREMENTS
  HAT REQUIREMENTS
  HOME AN-AAA REQUIREMENTS
  GENERAL REQUIREMENTS
NORMAL PROCEDURES WITH SUCCESSFUL OUTCOME
EXCEPTION PROCEDURES OR UNSUCCESSFUL OUTCOME
ALTERNATIVE PROCEDURES
INTERACTIONS WITH OTHER WIRELESS SERVICES
List of Figures

Figure Network Architecture for CAVE-based HRPD Access Authentication
INTRODUCTION

A hybrid access terminal (referred to herein as a Hybrid Access Terminal, or HAT) is a device which can access both cdma000 x and HRPD networks for packet data services.

To access the cdma000 x network, a HAT that has an R-UIM (see []) uses R-UIM-supported CAVE-based authentication. CAVE is described in [].

To access the HRPD network, an optional network access authentication step may be required by the HRPD network (see [] and []). This optional step uses CHAP (see []) to exchange a challenge and response between the HAT and HRPD network. Currently, CHAP specifies that MD is used to compute the response. It is important to note that MD is not currently supported by all R-UIMs used to access a cdma000 x network.

For an operator that deploys both cdma000 x and HRPD networks, there can be benefits to using common authentication credentials and authentication methods for accessing both networks. These requirements allow a properly configured HAT with an R-UIM to use CAVE-based authentication for access to both networks.

These requirements specify the HAT authentication requirements and also the support required by the HRPD AN-AAA to authenticate such a HAT.

REFERENCES

GPP A.S000-0 v.0, Interoperability Specification (IOS) for High Rate Packet Data (HRPD) Access Network Interfaces, May 00.

GPP A.S000-A v.0, Interoperability Specification (IOS) for High Rate Packet Data (HRPD) Access Network Interfaces - Rev A, May 00.

GPP C.S00-0 v.0, Removable User Identity Module (R-UIM) for cdma000 Spread Spectrum Systems, June 00.
  GPP C.S00-A v.0, Removable User Identity Module (R-UIM) for cdma000 Spread Spectrum Systems, February 00.
  GPP C.S00-B v.0, Removable User Identity Module (R-UIM) for cdma000 Spread Spectrum Systems, May 00.

GPP N.S000 v.0, Cellular Radiotelecommunications Intersystem Operations, Dec 999.

IETF RFC99, PPP Challenge Handshake Authentication Protocol (CHAP), Aug 99.
DEFINITIONS AND ABBREVIATIONS

ABBREVIATIONS AND ACRONYMS

AC        Authentication Center
AN        Access Network
AN-AAA    Access Network Authentication Authorization and Accounting

Note: cdma000 is the trademark for the technical nomenclature for certain specifications and standards of the Organizational Partners (OPs) of GPP. Geographically (and as of the date of publication), cdma000 is a registered trademark of the Telecommunications Industry Association (TIA-USA) in the United States.
AT        Access Terminal
CAVE      Cellular Authentication and Voice Encryption algorithm
HAT       Hybrid Access Terminal
HRPD      High Rate Packet Data
HLR       Home Location Register
MD        Message Digest #
R-UIM     Removable User Identity Module
UIMID     UIM Identifier
VLR       Visited Location Register

DEFINITIONS

Hybrid Access Terminal: A dual-mode access terminal capable of accessing both cdma000 x and HRPD access networks for packet data services.

HAT User: The subscriber using a hybrid access terminal.

RAND: A -bit random number used as a challenge for authentication.

GENERAL FEATURE DESCRIPTION

Figure shows the network architecture pertaining to authentication of HAT access to cdma000 x and HRPD networks when both networks use CAVE-based access network authentication.

[Figure: Network Architecture for CAVE-based cdma000 x and HRPD Network Access Authentication. Elements shown: HAT, CDMA000 X BS, MSC/VLR, HLR/AC, HRPD AN, Home AN-AAA.]

The line connecting the AN-AAA and HLR/AC represents an interface between the AN-AAA and HLR/AC that is used when the HAT and HRPD network support CAVE-based authentication. The AN-AAA incorporates functions to allow it to act as a VLR and access the HLR/AC for authenticating the HAT when using CAVE-based authentication.

In all cases, the HAT accesses the cdma000 x network using CAVE-based authentication.

When accessing an HRPD network that uses access authentication, a HAT which is configured to use CAVE-based authentication translates the CHAP challenge sent by the AN into the RAND. It uses its R-UIM to compute an AUTHR using the RAND and returns the AUTHR in the CHAP response.
The AN forwards both the CHAP challenge and response to the AN-AAA as it normally does for HRPD network access authentication. The AN is unaware that the HAT used CAVE-based authentication.

Since the AN-AAA is also configured to use CAVE-based authentication for this HAT, it processes the message from the AN correctly, interworking with the HLR/AC as needed to authenticate the HAT. It determines whether or not the HAT is authentic, returns the results to the AN, and access proceeds normally.

REQUIREMENTS

HAT Requirements

HAT-0: The HAT shall use an operator-assigned authentication key stored in the R-UIM.

HAT-0: The HAT shall use an operator-selected authentication algorithm implemented in the R-UIM.

The following requirements apply if the operator-selected authentication algorithm is CAVE.

HAT-0: The CAVE challenge (i.e., RAND) shall be obtained from the CHAP Challenge message.

HAT-0: The CAVE response (i.e., AUTHR) shall be carried in the CHAP Response message.

HAT-0: The HAT shall return its identification in the CHAP Response message. This identification shall include an operator-assigned value stored in the R-UIM that is associated with the operator-assigned authentication key stored in the R-UIM.

HAT-0: If the HAT cannot perform CAVE-based authentication, the HAT shall not send a CHAP Response message to the AN.

Home AN-AAA Requirements

AAA-0: The AN-AAA may support CAVE-based authentication. If the AN-AAA supports CAVE-based authentication, it shall operate as a VLR when accessing the HLR/AC, and shall support those N.S000 messages and procedures required to perform mobile station authentication.

AAA-0: The AN-AAA shall be able to determine if a HAT uses CAVE-based authentication.

The following requirements apply to the AN-AAA if the HAT uses CAVE-based authentication.

AAA-0: The AN-AAA shall be able to determine the RAND used by the HAT.

AAA-0: The AN-AAA shall be able to determine the authentication response (i.e., AUTHR) sent by the HAT.

The following requirements apply to the AN-AAA for all authentication methods.

AAA-0: The AN-AAA shall be able to support authentication bypass. If authentication is bypassed for a specific HAT, the AN-AAA shall indicate successful authentication for the HAT.

AAA-0: The AN-AAA shall be able to bar a HAT from accessing the HRPD network after HAT authentication has failed an operator-determined number of times.

AAA-0: The AN-AAA shall not prohibit an operator from using different authentication algorithms.
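The HAT and AN-AAA behaviour required above can be traced in a short sketch; this is an added example, not part of the specification, and it uses the CHAP packet layout from the CHAP RFC. Assumptions: CAVE is replaced by an HMAC-SHA256 placeholder, `RAND_LEN`, `MAX_FAILURES` and the rule that RAND is the leading bytes of the CHAP challenge are hypothetical, a dictionary stands in for the HLR/AC interworking, and all sample values are constructed.

```python
import hashlib, hmac, struct

RAND_LEN = 4        # ASSUMPTION: RAND size in bytes (the page's bit length is elided)
MAX_FAILURES = 3    # ASSUMPTION: the "operator-determined number" of failures

def standin_authr(key: bytes, rand: bytes) -> bytes:
    """Placeholder for CAVE (NOT CAVE): HMAC-SHA256 truncated to 3 bytes."""
    return hmac.new(key, rand, hashlib.sha256).digest()[:3]

def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP layout: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_chap(pkt: bytes):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 5 or 5 + pkt[4] > length:
        raise ValueError("malformed CHAP packet")
    return code, ident, pkt[5:5 + pkt[4]], pkt[5 + pkt[4]:]

def hat_respond(challenge_pkt: bytes, ruim):
    """HAT side. ruim is None when CAVE-based authentication cannot be done."""
    code, ident, value, _ = parse_chap(challenge_pkt)
    if ruim is None or code != 1 or len(value) < RAND_LEN:
        return None                      # no CHAP Response is sent at all
    rand = value[:RAND_LEN]              # ASSUMPTION: RAND = leading bytes
    return chap_packet(2, ident, standin_authr(ruim["key"], rand), ruim["id"])

class AnAaa:
    """AN-AAA side; `subscribers` stands in for the HLR/AC lookup."""
    def __init__(self, subscribers, bypass=()):
        self.subs, self.bypass, self.failures = subscribers, set(bypass), {}

    def authenticate(self, challenge_pkt: bytes, response_pkt: bytes) -> bool:
        _, c_id, c_val, _ = parse_chap(challenge_pkt)
        code, r_id, authr, name = parse_chap(response_pkt)
        if name in self.bypass:
            return True                  # bypass is reported as success
        if self.failures.get(name, 0) >= MAX_FAILURES:
            return False                 # barred after repeated failures
        key = self.subs.get(name)
        ok = (key is not None and code == 2 and r_id == c_id and len(c_val) >= RAND_LEN
              and hmac.compare_digest(authr, standin_authr(key, c_val[:RAND_LEN])))
        # ASSUMPTION: failures are counted consecutively and reset on success.
        self.failures[name] = 0 if ok else self.failures.get(name, 0) + 1
        return ok

# Constructed sample values (not from the page).
SAMPLE_RUIM = {"key": b"constructed-key", "id": b"hat1@operator.example"}
SAMPLE_CHALLENGE = chap_packet(1, 7, bytes(range(16)), b"an")
```

The AN never inspects the value field in this flow: it relays the challenge and response unchanged, and only the HAT and the AN-AAA need to agree on how RAND and AUTHR are carried.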
General Requirements

GEN-0: The AN-AAA in a visited system shall not require changes to support this feature.

Normal Procedures with Successful Outcome

Authorization
This feature is authorized when the operator configures the HAT and AN-AAA to use it.

De-Authorization
This feature is de-authorized when the operator configures the HAT and AN-AAA not to use it.

Registration
None needed.

De-Registration
None needed.

Activation
This feature is activated when the operator configures the HAT and AN-AAA to use it.

De-Activation
This feature is deactivated when the operator configures the HAT and AN-AAA not to use it.

Invocation
This feature is invoked in the HAT when a HAT supporting this feature receives a CHAP Challenge message from the AN when accessing the HRPD network. This feature is invoked in the AN-AAA when an authentication request is received for a HAT configured to use the feature.

Normal Operation with Successful Outcome
The CHAP response computed by the HAT is authenticated by the AN-AAA and the HAT is allowed to access the HRPD network.

Call Detail Record
No impact.

Exception Procedures or Unsuccessful Outcome

Registration

De-Registration

Activation

De-Activation
Invocation
If the HAT or AN-AAA cannot perform the required authentication procedures, the HAT may not be allowed to access the HRPD network.

Exceptions While Roaming

Exceptions During Intersystem Handoff

Alternative Procedures

Interactions with Other Wireless Services