Difference between revisions of "SendAuthenticationInfo"
(→Invoke parameters) |
(→References) |
Line 126: | Line 126: | ||
==References== | ==References== | ||
− | * | + | * ETSI TS 100 974 V7.15.0 (2004-03) p1050 |
− | * | + | * ETSI TS 129 002 V9.3.0 (2010-10) p352 |
Revision as of 17:03, 23 August 2013
Capability: Authentication
Usage
This message is sent by an MSC, VLR or SGSN to the HLR to retrieve authentication parameters.
Expected actions
The application name or OID is checked against known values to detect whether the requester supports only GSM authentication or both GSM and UMTS.
After checking that the IMSI is known, an Authentication Center must be invoked to compute one or more (up to 5) authentication triplets (rand, sres, Kc) or UMTS quintuplets (rand, xres, ck, ik, autn) based on the secret Ki and possibly a sequence number (for UMTS) stored with the IMSI. These triplets or quintuplets are sent back to the invoker to use for authentication.
If the IMSI is known but authentication sets cannot be retrieved, an empty list may be returned, indicating to the invoker that existing information is to be reused.
Invoke parameters
- imsi – Identity of the SIM requiring authentication
- numberOfRequestedVectors – How many authentication sets are desired (UMTS)
- re-synchronisationInfo – Information used for UMTS resynchronization procedure
  - rand – Random number (16 octets)
  - auts – Synchronization authentication token (16 octets)
- requestingNodeType – The type of service that tries to authenticate the SIM, may be "hlr", "sgsn", "bsf" or others like "gan-aaa-server" or "wlan-aaa-server"
- requestingPLMN-Id – Identity of the mobile network that tries to authenticate the SIM
Result parameters
- sendAuthenticationInfoRes-v3 – If requester used a v3 application context
  - authenticationSetList
    - tripletList – If the SIM is GSM
      - triplet – Authentication triplet(s) consisting of:
        - rand – Random number (16 octets)
        - sres – Signed response (4 octets)
        - kc – Ciphering key (8 octets)
    - quintupletList – If the SIM is UMTS
      - quintuplet – Authentication quintuplet(s) consisting of:
        - rand – Random number (16 octets)
        - xres – Signed response (4-16 octets, 8 typical)
        - ck – Ciphering key (16 octets)
        - ik – Integrity key (16 octets)
        - autn – Network authentication token (16 octets)
- sendAuthenticationInfoRes-v2 – If requester used a v2 application context (GSM only)
  - set – Authentication triplet(s) consisting of:
    - rand – Random number (16 octets)
    - sres – Signed response (4 octets)
    - kc – Ciphering key (8 octets)
Possible errors
- systemFailure
- dataMissing
- unexpectedDataValue
- unknownSubscriber
Notes
A description of the GSM authentication and encryption is available at: http://www.gsmfordummies.com/encryption/encryption.shtml
It is possible to have a batch of GSM authentication triplets precomputed for each SIM.
For UMTS the order of the returned quintuplets is important and must be preserved.
There is never a case when both GSM and UMTS authentication sets are returned. Normally in a dual mode SIM each mode has its own separate IMSI, although both are associated with the same MSISDN.
If the requesting entity supports only GSM authentication but the SIM is known to support UMTS, then the quintuplets are converted to triplets by applying the c1, c2 and c3 transforms [1]. In this case the SIM will degrade authentication and ciphering to GSM level.
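The quintuplet-to-triplet conversion mentioned above, as an added example that is not part of the original page or of any HLR implementation. It uses the c1, c2 and c3 definitions from 3GPP TS 33.102 and the octet lengths listed under "Result parameters"; the function names and the sample `ik` value are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from functools import reduce

# Octet length limits (min, max) as listed under "Result parameters".
LIMITS = {"rand": (16, 16), "xres": (4, 16), "ck": (16, 16),
          "ik": (16, 16), "autn": (16, 16)}

# Constructed sample result; the ik value is made up for this example.
SAMPLE = """<component remoteCID="1" type="ResultLast" operationCode="sendAuthenticationInfo">
 <sendAuthenticationInfoRes-v3><authenticationSetList><quintupletList>
  <quintuplet>
   <rand>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</rand>
   <xres>11 22 33 44 55 66 77 88</xres>
   <ck>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</ck>
   <ik>01 02 03 04 05 06 07 08 10 20 30 40 50 60 70 80</ik>
   <autn>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</autn>
  </quintuplet>
 </quintupletList></authenticationSetList></sendAuthenticationInfoRes-v3>
</component>"""

def quintuplets_from_xml(xml_text):
    """Return the quintuplets of a v3 result as dicts of bytes, in document order."""
    root = ET.fromstring(xml_text)
    return [{field.tag: bytes.fromhex(field.text) for field in q}
            for q in root.iter("quintuplet")]

def xor_chunks(data, size):
    """Split data into size-octet chunks and XOR the chunks together."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    return bytes(reduce(lambda a, b: [x ^ y for x, y in zip(a, b)], chunks))

def quintuplet_to_triplet(q):
    """Derive a GSM triplet from a UMTS quintuplet using c1, c2 and c3."""
    for name, (lo, hi) in LIMITS.items():
        if name not in q or not lo <= len(q[name]) <= hi:
            raise ValueError(f"{name}: missing or has an invalid length")
    xres_padded = q["xres"].ljust(16, b"\x00")   # XRES* = XRES || 0...0 (16 octets)
    return {
        "rand": q["rand"],                       # c1: RAND is passed through
        "sres": xor_chunks(xres_padded, 4),      # c2: XRES*1 ^ XRES*2 ^ XRES*3 ^ XRES*4
        "kc": xor_chunks(q["ck"] + q["ik"], 8),  # c3: CK1 ^ CK2 ^ IK1 ^ IK2
    }

if __name__ == "__main__":
    for quintuplet in quintuplets_from_xml(SAMPLE):
        triplet = quintuplet_to_triplet(quintuplet)
        print({k: v.hex(" ") for k, v in triplet.items()})
```

Because c3 only XORs the halves of ck and ik, placeholder data in which ck equals ik (as in the USIM example on this page) yields an all-zero Kc, so test fixtures should use distinct values.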
Examples
Requester supports only GSM
    <component remoteCID="1" type="Invoke" operationCode="sendAuthenticationInfo">
      <imsi enc="e212">497012345678900</imsi>
    </component>
    ...
    <component remoteCID="1" type="ResultLast" operationCode="sendAuthenticationInfo">
      <sendAuthenticationInfoRes-v2>
        <set>
          <rand>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</rand>
          <sres>11 22 33 44</sres>
          <kc>00 11 22 33 44 55 66 77</kc>
        </set>
      </sendAuthenticationInfoRes-v2>
    </component>
Requester supports UMTS, card is GSM
    <component remoteCID="1" type="Invoke" operationCode="sendAuthenticationInfo">
      <imsi enc="e212">497012345678900</imsi>
    </component>
    ...
    <component remoteCID="1" type="ResultLast" operationCode="sendAuthenticationInfo">
      <sendAuthenticationInfoRes-v3>
        <authenticationSetList>
          <tripletList>
            <triplet>
              <rand>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</rand>
              <sres>11 22 33 44</sres>
              <kc>00 11 22 33 44 55 66 77</kc>
            </triplet>
          </tripletList>
        </authenticationSetList>
      </sendAuthenticationInfoRes-v3>
    </component>
Requester supports UMTS, card is USIM
    <component remoteCID="1" type="Invoke" operationCode="sendAuthenticationInfo">
      <imsi enc="e212">497012345678900</imsi>
    </component>
    ...
    <component remoteCID="1" type="ResultLast" operationCode="sendAuthenticationInfo">
      <sendAuthenticationInfoRes-v3>
        <authenticationSetList>
          <quintupletList>
            <quintuplet>
              <rand>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</rand>
              <xres>11 22 33 44 55 66 77 88</xres>
              <ck>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</ck>
              <ik>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</ik>
              <autn>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff</autn>
            </quintuplet>
          </quintupletList>
        </authenticationSetList>
      </sendAuthenticationInfoRes-v3>
    </component>
References
- ETSI TS 100 974 V7.15.0 (2004-03) p1050
- ETSI TS 129 002 V9.3.0 (2010-10) p352