Difference between revisions of "SendAuthenticationInfo"
(→Note) |
|||
(7 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
+ | {{DISPLAYTITLE:sendAuthenticationInfo}} | ||
==Capability: Authentication== | ==Capability: Authentication== | ||
Line 16: | Line 17: | ||
* '''imsi''' – Identity of the SIM requiring authentication | * '''imsi''' – Identity of the SIM requiring authentication | ||
− | |||
* ''numberOfRequestedVectors'' – How many authentication sets are desired (UMTS) | * ''numberOfRequestedVectors'' – How many authentication sets are desired (UMTS) | ||
− | |||
* ''re-synchronisationInfo'' – Information used for UMTS resynchronization procedure | * ''re-synchronisationInfo'' – Information used for UMTS resynchronization procedure | ||
− | |||
** '''rand''' – Random number (16 octets) | ** '''rand''' – Random number (16 octets) | ||
− | |||
** '''auts''' – Synchronization authentication token (16 octets) | ** '''auts''' – Synchronization authentication token (16 octets) | ||
* ''requestingNodeType'' – The type of service that tries to authenticate the SIM, may be "hlr", "sgsn", "bsf" or others like "gan-aaa-server" or "wlan-aaa-server" | * ''requestingNodeType'' – The type of service that tries to authenticate the SIM, may be "hlr", "sgsn", "bsf" or others like "gan-aaa-server" or "wlan-aaa-server" | ||
− | |||
* ''requestingPLMN-Id'' – Identity of the mobile network that tries to authenticate the SIM | * ''requestingPLMN-Id'' – Identity of the mobile network that tries to authenticate the SIM | ||
Line 31: | Line 27: | ||
* sendAuthenticationInfoRes-v3 – If requester used a v3 application context | * sendAuthenticationInfoRes-v3 – If requester used a v3 application context | ||
− | + | **'''authenticationSetList''' | |
− | ** '''authenticationSetList''' | + | ***tripletList – If the SIM is GSM |
− | + | ****triplet – Authentication triplet(s) consisting of: | |
− | *** tripletList – If the SIM is GSM | + | |
− | + | ||
− | **** triplet – Authentication triplet(s) consisting of: | + | |
− | + | ||
***** '''rand''' – Random number (16 octets) | ***** '''rand''' – Random number (16 octets) | ||
− | |||
***** '''sres''' – Signed response (4 octets) | ***** '''sres''' – Signed response (4 octets) | ||
− | |||
***** '''kc''' – Ciphering key (8 octets) | ***** '''kc''' – Ciphering key (8 octets) | ||
− | |||
*** quintupletList – If the SIM is UMTS | *** quintupletList – If the SIM is UMTS | ||
− | |||
**** quintuplet – Authentication quintuplet(s) consisting of: | **** quintuplet – Authentication quintuplet(s) consisting of: | ||
− | |||
***** '''rand''' – Random number (16 octets) | ***** '''rand''' – Random number (16 octets) | ||
− | |||
***** '''xres''' – Signed response (4-16 octets, 8 typical) | ***** '''xres''' – Signed response (4-16 octets, 8 typical) | ||
− | |||
***** '''ck''' – Ciphering key (16 octets) | ***** '''ck''' – Ciphering key (16 octets) | ||
− | |||
***** '''ik''' – Integrity key (16 octets) | ***** '''ik''' – Integrity key (16 octets) | ||
− | |||
***** '''autn''' – Network authentication token (16 octets) | ***** '''autn''' – Network authentication token (16 octets) | ||
* sendAuthenticationInfoRes-v2 – If requester used a v2 application context (GSM only) | * sendAuthenticationInfoRes-v2 – If requester used a v2 application context (GSM only) | ||
− | |||
** set – Authentication triplet(s) consisting of: | ** set – Authentication triplet(s) consisting of: | ||
− | |||
*** '''rand''' – Random number (16 octets) | *** '''rand''' – Random number (16 octets) | ||
− | |||
*** '''sres''' – Signed response (4 octets) | *** '''sres''' – Signed response (4 octets) | ||
− | |||
*** '''kc''' – Ciphering key (8 octets) | *** '''kc''' – Ciphering key (8 octets) | ||
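Review bot: The three re-added list items at the top of this hunk (`**'''authenticationSetList'''`, `***tripletList`, `****triplet`) drop the space after the asterisks, while the unchanged items below them (`***** '''rand'''` and the rest) keep it. Use one style throughout, preferably with the space, so the list source stays consistent.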
Line 88: | Line 67: | ||
If the requesting entity supports only GSM authentication but the SIM is known to support UMTS then the quintuplets are converted to triplets by applying the c1, c2 and c3 transforms1. In this case the SIM will degrade authentication and ciphering to GSM level. | If the requesting entity supports only GSM authentication but the SIM is known to support UMTS then the quintuplets are converted to triplets by applying the c1, c2 and c3 transforms1. In this case the SIM will degrade authentication and ciphering to GSM level. | ||
− | == | + | ==Examples== |
+ | ===Requester supports only GSM=== | ||
<component remoteCID=1" type="Invoke" operationCode="sendAuthenticationInfo"> | <component remoteCID=1" type="Invoke" operationCode="sendAuthenticationInfo"> | ||
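Review bot: The opening tag on the context line under the new `===Requester supports only GSM===` heading reads `remoteCID=1"`, a closing quote with no opening one. Since this revision reorganises the examples, correct it to `remoteCID="1"` here and in the other two examples so the XML is well-formed.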
Line 104: | Line 84: | ||
</component> | </component> | ||
− | == | + | ===Requester supports UMTS, card is GSM=== |
<component remoteCID=1" type="Invoke" operationCode="sendAuthenticationInfo"> | <component remoteCID=1" type="Invoke" operationCode="sendAuthenticationInfo"> | ||
Line 124: | Line 104: | ||
</component> | </component> | ||
− | == | + | === Requester supports UMTS, card is USIM=== |
<component remoteCID=1" type="Invoke" operationCode="sendAuthenticationInfo"> | <component remoteCID=1" type="Invoke" operationCode="sendAuthenticationInfo"> | ||
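Review bot: The new heading `=== Requester supports UMTS, card is USIM===` has a space after the opening `===` but none before the closing one, unlike the two sibling headings added in this revision. Write it as `===Requester supports UMTS, card is USIM===` to match.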
Line 145: | Line 125: | ||
</sendAuthenticationInfoRes-v3> | </sendAuthenticationInfoRes-v3> | ||
</component> | </component> | ||
− | |||
==References== | ==References== | ||
− | * | + | * ETSI TS 100 974 V7.15.0 (2004-03) p1050 |
− | * | + | * ETSI TS 129 002 V9.3.0 (2010-10) p352 |
Latest revision as of 16:56, 27 August 2013
Capability: Authentication
Usage
This message is sent by an MSC, VLR or SGSN to the HLR to retrieve authentication parameters.
Expected actions
The application name or OID is checked against known values to detect whether the requester supports only GSM authentication or both GSM and UMTS.
After checking that the IMSI is known, an Authentication Center must be invoked to compute one or more (up to 5) authentication triplets (rand, sres, Kc) or UMTS quintuplets (rand, xres, ck, ik, autn) based on the secret Ki and, for UMTS, the sequence number stored with the IMSI. These triplets or quintuplets are sent back to the invoker to use for authentication.
If the IMSI is known but authentication sets cannot be retrieved an empty list may be returned, indicating to the invoker that existing information is to be reused.
Invoke parameters
- imsi – Identity of the SIM requiring authentication
- numberOfRequestedVectors – How many authentication sets are desired (UMTS)
- re-synchronisationInfo – Information used for UMTS resynchronization procedure
  - rand – Random number (16 octets)
  - auts – Synchronization authentication token (16 octets)
- requestingNodeType – The type of service that tries to authenticate the SIM, may be "hlr", "sgsn", "bsf" or others like "gan-aaa-server" or "wlan-aaa-server"
- requestingPLMN-Id – Identity of the mobile network that tries to authenticate the SIM
Result parameters
- sendAuthenticationInfoRes-v3 – If requester used a v3 application context
  - authenticationSetList
    - tripletList – If the SIM is GSM
      - triplet – Authentication triplet(s) consisting of:
        - rand – Random number (16 octets)
        - sres – Signed response (4 octets)
        - kc – Ciphering key (8 octets)
    - quintupletList – If the SIM is UMTS
      - quintuplet – Authentication quintuplet(s) consisting of:
        - rand – Random number (16 octets)
        - xres – Signed response (4-16 octets, 8 typical)
        - ck – Ciphering key (16 octets)
        - ik – Integrity key (16 octets)
        - autn – Network authentication token (16 octets)
- sendAuthenticationInfoRes-v2 – If requester used a v2 application context (GSM only)
  - set – Authentication triplet(s) consisting of:
    - rand – Random number (16 octets)
    - sres – Signed response (4 octets)
    - kc – Ciphering key (8 octets)
Possible errors
- systemFailure
- dataMissing
- unexpectedDataValue
- unknownSubscriber
Notes
A description of the GSM authentication and encryption is available at: http://www.gsmfordummies.com/encryption/encryption.shtml
It is possible to have a batch of GSM authentication triplets precomputed for each SIM.
For UMTS the order of the returned quintuplets is important and must be preserved.
There is never a case where both GSM and UMTS authentication are returned. Normally in a dual-mode SIM each mode has its own separate IMSI, although both are associated with the same MSISDN.
If the requesting entity supports only GSM authentication but the SIM is known to support UMTS, then the quintuplets are converted to triplets by applying the c1, c2 and c3 transforms [1]. In this case the SIM will degrade authentication and ciphering to GSM level.
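The quintuplet-to-triplet conversion mentioned above, as an added example that is not part of the original page. It assumes the c1, c2 and c3 definitions from 3GPP TS 33.102 (the page names the transforms but does not spell them out); the function and variable names are hypothetical.

```python
# Added example (not from the original page). Assumes the 3GPP TS 33.102
# conversion functions: c1 keeps RAND, c2 folds XRES to 32 bits, c3 folds
# CK and IK to a 64-bit Kc.

def unhex(s: str) -> bytes:
    """Parse the page's space-separated hex octets."""
    return bytes.fromhex(s.replace(" ", ""))

def xor_bytes(*parts: bytes) -> bytes:
    """XOR equal-length byte strings together."""
    out = bytearray(len(parts[0]))
    for part in parts:
        if len(part) != len(out):
            raise ValueError("length mismatch")
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)

def quintuplet_to_triplet(q: dict) -> dict:
    """Convert one UMTS quintuplet to a GSM triplet (autn is dropped)."""
    rand, xres, ck, ik = q["rand"], q["xres"], q["ck"], q["ik"]
    for name, value in (("rand", rand), ("ck", ck), ("ik", ik)):
        if len(value) != 16:
            raise ValueError(f"{name} must be 16 octets")
    if not 4 <= len(xres) <= 16:
        raise ValueError("xres must be 4-16 octets")
    xres_star = xres.ljust(16, b"\x00")  # zero-pad XRES to 16 octets
    # c2: SRES = XOR of the four 32-bit words of the padded XRES
    sres = xor_bytes(*(xres_star[i:i + 4] for i in range(0, 16, 4)))
    # c3: Kc = CK1 xor CK2 xor IK1 xor IK2 (64-bit halves)
    kc = xor_bytes(ck[:8], ck[8:], ik[:8], ik[8:])
    return {"rand": rand, "sres": sres, "kc": kc}  # c1: rand unchanged

def convert_list(quintuplets: list) -> list:
    """Convert a quintupletList, keeping the original order."""
    return [quintuplet_to_triplet(q) for q in quintuplets]

# Values copied from the page's "card is USIM" example.
SIXTEEN = "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff"
PAGE_QUINTUPLET = {
    "rand": unhex(SIXTEEN), "xres": unhex("11 22 33 44 55 66 77 88"),
    "ck": unhex(SIXTEEN), "ik": unhex(SIXTEEN), "autn": unhex(SIXTEEN),
}

if __name__ == "__main__":
    for triplet in convert_list([PAGE_QUINTUPLET]):
        print({k: v.hex() for k, v in triplet.items()})
```

With the page's placeholder values ck and ik are identical, so the derived kc is all zeros; that is a property of the sample data, not of the transform.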
Examples
Requester supports only GSM
 <component remoteCID="1" type="Invoke" operationCode="sendAuthenticationInfo">
   <imsi enc="e212">497012345678900</imsi>
 </component>
 ...
 <component remoteCID="1" type="ResultLast" operationCode="sendAuthenticationInfo">
   <sendAuthenticationInfoRes-v2>
     <set>
       <rand>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</rand>
       <sres>11 22 33 44</sres>
       <kc>00 11 22 33 44 55 66 77</kc>
     </set>
   </sendAuthenticationInfoRes-v2>
 </component>
Requester supports UMTS, card is GSM
 <component remoteCID="1" type="Invoke" operationCode="sendAuthenticationInfo">
   <imsi enc="e212">497012345678900</imsi>
 </component>
 ...
 <component remoteCID="1" type="ResultLast" operationCode="sendAuthenticationInfo">
   <sendAuthenticationInfoRes-v3>
     <authenticationSetList>
       <tripletList>
         <triplet>
           <rand>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</rand>
           <sres>11 22 33 44</sres>
           <kc>00 11 22 33 44 55 66 77</kc>
         </triplet>
       </tripletList>
     </authenticationSetList>
   </sendAuthenticationInfoRes-v3>
 </component>
Requester supports UMTS, card is USIM
 <component remoteCID="1" type="Invoke" operationCode="sendAuthenticationInfo">
   <imsi enc="e212">497012345678900</imsi>
 </component>
 ...
 <component remoteCID="1" type="ResultLast" operationCode="sendAuthenticationInfo">
   <sendAuthenticationInfoRes-v3>
     <authenticationSetList>
       <quintupletList>
         <quintuplet>
           <rand>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</rand>
           <xres>11 22 33 44 55 66 77 88</xres>
           <ck>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</ck>
           <ik>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</ik>
           <autn>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</autn>
         </quintuplet>
       </quintupletList>
     </authenticationSetList>
   </sendAuthenticationInfoRes-v3>
 </component>
References
- ETSI TS 100 974 V7.15.0 (2004-03) p1050
- ETSI TS 129 002 V9.3.0 (2010-10) p352