Page 460 - 5G Basics - Core Network Aspects
The normal authentication procedure is illustrated as follows:
• When an AP function receives a registration request from an MS PAM function containing the SAC
and the user identification information (a user identity), the AP function sends the registration
request by initiating a call request to the fixed network.
• The call arrives in CCF/SSF which triggers and queries the PAM-SCF.
• The PAM-SCF instructs the SRF to establish a bearer channel between itself and the AP function.
• The PAM-SCF instructs the SRF to collect the user identification information from the AP function.
• The AP function sends the user identification information in-band to the SRF which relays the
received information to the PAM-SCF.
• The PAM-SCF acquires the authentication data as follows:
– When a fixed PAM service number is used, the PAM-SCF generates the authentication data as
is done in the HLR/AuC (HSS).
– When an MSISDN is used, the PAM-SCF requests the authentication data from the HLR/AuC (HSS)
using the IMSI, which the PAM-SCF translates from the user identity received from the AP
function.
• The PAM-SCF instructs the SRF to send the authentication data to the AP function which relays the
information to the MS PAM function.
• If mutual authentication between the terminal and the network is required, the MS PAM function
authenticates the network. If it is successful, the MS PAM function produces a response result which
is sent back to the AP function.
• The AP function sends the response result to the SRF which relays the information to the PAM-SCF.
• The PAM-SCF compares the received result with the expected result. If they match, the PAM-SCF
continues the registration procedure. Otherwise, the authentication is not successful and the
PAM-SCF instructs the SRF to send a negative response to the AP function to end the registration. The AP
relays the response to the MS PAM function and ends the registration procedure.
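The challenge-response exchange above, reduced to its two endpoints (the AP function and the SRF only relay), as an added example that is not part of the original text. HMAC-SHA-256 stands in for the HLR/AuC (HSS) algorithms, which the page does not specify, and all class and function names are hypothetical.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA-256 replaces the operator's HLR/AuC (HSS) algorithms.
# Names (PamScf, MsPam, register) are hypothetical, chosen for this example.

def _f(key: bytes, label: bytes, rand: bytes) -> bytes:
    """Keyed derivation used for the network token and the response result."""
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:16]

class PamScf:
    """Network side: generates authentication data, checks the response."""
    def __init__(self, subscriber_keys: dict[str, bytes]):
        self._keys = subscriber_keys
        self._pending: dict[str, bytes] = {}  # user identity -> expected result

    def authentication_data(self, user_identity: str) -> tuple[bytes, bytes]:
        key = self._keys[user_identity]
        rand = secrets.token_bytes(16)        # fresh challenge per registration
        self._pending[user_identity] = _f(key, b"res", rand)
        return rand, _f(key, b"autn", rand)   # (challenge, network token)

    def verify(self, user_identity: str, response: bytes) -> bool:
        # pop() makes each challenge single-use: a relayed response that was
        # captured earlier cannot be accepted a second time.
        expected = self._pending.pop(user_identity, None)
        # compare_digest avoids leaking the match position through timing.
        return expected is not None and hmac.compare_digest(expected, response)

class MsPam:
    """Terminal side: authenticates the network, then produces the response."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, rand: bytes, autn: bytes) -> bytes | None:
        if not hmac.compare_digest(_f(self._key, b"autn", rand), autn):
            return None                       # network authentication failed
        return _f(self._key, b"res", rand)

def register(scf: PamScf, ms: MsPam, user_identity: str) -> bool:
    """Run one registration: authentication data out, response result back."""
    rand, autn = scf.authentication_data(user_identity)
    response = ms.respond(rand, autn)
    return response is not None and scf.verify(user_identity, response)
```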
The secure transfer of the user identification information is required on the radio interface between the MS
PAM function and the AP function as well as on the interface between the AP function and the fixed network.
The encryption of the user identification information sent over the radio access needs to be supported by
the wireless technology used in the MS PAM function and the AP function.
The encryption (e.g., using SHA-1 or SHA-256 or MD5 as specified in [b-IETF RFC 3174], [b-NIST SHA-256] and
[b-IETF RFC 1321]) of the user identification information over the fixed network needs to be supported by
the AP function and the PAM-SCF.
8.2 User identification and routing
When a mobile user is connecting to an AP with PSTN access line, the mobile user needs to be correctly
identified for routing the call and presentation of the user's PAM service number. The following information
is needed:
• The AP address: It is the CLI of the PSTN line to which the AP is connected.
• The terminal identifier: It is the number dynamically allocated by the AP to identify the terminals
attached to it.
The correlation of the user (either with a fixed PAM service number or an MSISDN) with the AP address and
the terminal identifier needs to be set up during registration.
• When a fixed PAM service number is used:
The corresponding relationship among the user identity, the fixed PAM service number and the
associated MSISDN is statically created when the user subscribes to the PAM service, while the AP
address and terminal identifier need to be dynamically updated when the user registers or
deregisters with an AP.