TIA/EIA TSB-87-1018:1997 (R2002)
$26.00
Cellular Digital Packet Data System Specification – Part 1018 Authentication Services
Published By: TIA
Publication Date: 1997
Number of Pages: 24
Introduction
This Part defines the services needed for supporting
authentication of a Mobile End System (M-ES) by the Cellular
Digital Packet Data (CDPD) Network. This Part specifies the data
communication protocols to be used by the home MD-IS to verify the
M-ES's credentials. This Part does not directly impact CDPD
subscribers or M-ES manufacturers.
This Part assumes that the reader is familiar with CDPD in
general, as presented in [IS-732-100]. [IS-732-100] provides a
comprehensive glossary of CDPD terms.
This Part supports authentication of an M-ES Network Entity
Identifier (NEI) by the CDPD Network. The serving MD-IS, the home MD-IS and
the Authentication Server participate in the authentication of an
M-ES NEI. The authentication procedures involve verification of the
Authentication Sequence Number (ASN) and assignment of the
Authentication Random Number (ARN). These procedures and protocols
are described in [IS-732-406].
Authentication of an M-ES by the CDPD Network involves the
following steps:
a. Serving MD-IS and the M-ES exchange secret keys to be used
for encryption and decryption of data transmitted across the
airlink
b. Serving MD-IS and the M-ES encrypt and decrypt data
transmitted across the airlink
c. M-ES presents its credentials (one or more [NEI, ASN, ARN]
triplets) to the serving MD-IS
d. Serving MD-IS forwards M-ES's credentials to the home
MD-IS
e. Home MD-IS verifies correctness of the credentials through a
verification request to the Authentication Server
f. The Authentication Server validates or rejects the
credentials and optionally generates new credentials for future use
and communicates the results to the home MD-IS
g. The home MD-IS then forwards the Authentication Results to
the serving MD-IS
h. The serving MD-IS then forwards the Authentication Results to
the M-ES.
This Part focuses on steps (e) and (f) of the M-ES
authentication process. Steps (a) to (c) and step (h) are defined
in [IS-732-406] and [IS-732-507]. Steps (d) and (g) are defined in
[IS-732-501].
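The following simulation of steps (c) through (h) is an added example and is not part of TSB-87-1018 or any TIA text. It models the four parties (M-ES, serving MD-IS, home MD-IS acting as CNA-SU, and the Authentication Server acting as CNA-SP) as plain Python objects passing in-memory messages. The message shapes, the rule that a presented triplet must match the server's current [NEI, ASN, ARN] exactly, the choice to rotate to ASN+1 with a fresh ARN after every success, the constant-time ARN comparison, the sample NEI values and the 8-byte ARN length are all assumptions made for illustration; the real encodings and the handling of a lost credential update are defined in IS-732-406, IS-732-501 and IS-732-507 and are not reproduced here. What the example does show is why the ASN matters: once the server has rotated, a captured earlier triplet no longer validates.

```python
"""Toy model of CDPD M-ES authentication, steps (c) to (h).

Added example, not code from TSB-87-1018. Message formats, the
comparison rule and the rotation rule are assumptions for illustration.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Credential:
    """One [NEI, ASN, ARN] triplet as presented by the M-ES (step c)."""
    nei: str     # Network Entity Identifier (assumed here to be an IP address string)
    asn: int     # Authentication Sequence Number
    arn: bytes   # Authentication Random Number


@dataclass
class AuthResult:
    """Authentication Results relayed back in steps (f), (g) and (h)."""
    nei: str
    accepted: bool
    new_credential: Optional[Credential] = None


class AuthenticationServer:
    """CNA-SP: keeps the current credential per NEI and answers verification requests (step f)."""

    def __init__(self, rotate_on_success: bool = True):
        self._current: Dict[str, Credential] = {}
        self.rotate_on_success = rotate_on_success

    def provision(self, nei: str) -> Credential:
        # Initial assignment; starting ASN of 0 and 8-byte ARN are assumptions.
        cred = Credential(nei, 0, secrets.token_bytes(8))
        self._current[nei] = cred
        return cred

    def verify(self, nei: str, presented: List[Credential]) -> AuthResult:
        current = self._current.get(nei)
        if current is None:
            return AuthResult(nei, False)            # unknown NEI: reject
        for cand in presented:
            # ASN must match the server's view; ARN compared in constant time so the
            # server does not leak how many bytes matched (a hardening choice, not spec).
            if (cand.nei == nei and cand.asn == current.asn
                    and hmac.compare_digest(cand.arn, current.arn)):
                new_cred = None
                if self.rotate_on_success:          # "optionally generates new credentials"
                    new_cred = Credential(nei, current.asn + 1, secrets.token_bytes(8))
                    self._current[nei] = new_cred
                return AuthResult(nei, True, new_cred)
        return AuthResult(nei, False)                # no presented triplet matched


class HomeMDIS:
    """CNA-SU: sends the verification request to the Authentication Server (step e)."""

    def __init__(self, auth_server: AuthenticationServer):
        self.auth_server = auth_server

    def handle_auth_request(self, nei: str, presented: List[Credential]) -> AuthResult:
        return self.auth_server.verify(nei, presented)  # result returned is step (g)


class ServingMDIS:
    """Forwards M-ES credentials to the home MD-IS (step d) and relays the result (step h)."""

    def __init__(self, home_mdis: HomeMDIS):
        self.home_mdis = home_mdis

    def authenticate(self, nei: str, presented: List[Credential]) -> AuthResult:
        return self.home_mdis.handle_auth_request(nei, presented)


class MobileEndSystem:
    """Holds one or more triplets and presents all of them at registration (step c)."""

    def __init__(self, nei: str, initial: Credential):
        self.nei = nei
        self.credentials: List[Credential] = [initial]

    def register(self, serving: ServingMDIS) -> AuthResult:
        result = serving.authenticate(self.nei, list(self.credentials))
        if result.accepted and result.new_credential is not None:
            self.credentials = [result.new_credential]  # adopt the rotated triplet
        return result


def run_scenario() -> Dict[str, object]:
    """Two successful registrations, then a replay of the first triplet and an unknown NEI."""
    auth_server = AuthenticationServer()
    serving = ServingMDIS(HomeMDIS(auth_server))
    nei = "10.1.2.3"                                   # constructed sample NEI
    first_cred = auth_server.provision(nei)            # what an eavesdropper might have captured
    mes = MobileEndSystem(nei, first_cred)
    r1 = mes.register(serving)                         # ASN 0 accepted, rotated to 1
    r2 = mes.register(serving)                         # ASN 1 accepted, rotated to 2
    replay = serving.authenticate(nei, [first_cred])   # stale ASN 0 triplet: rejected
    unknown = serving.authenticate("10.9.9.9", [first_cred])
    return {"first": r1.accepted, "second": r2.accepted, "replay": replay.accepted,
            "unknown": unknown.accepted, "final_asn": mes.credentials[-1].asn}


if __name__ == "__main__":
    print(run_scenario())
```

Because rotation is performed by the server before the M-ES has confirmed receipt of the new triplet, a lost step (g) or (h) message would leave this toy M-ES holding only a stale credential; the real procedures in IS-732-406 address that case and this example deliberately does not.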
When a CDPD NEI Authentication Service User (CNA-SU) [1]
is in a different open system from a CDPD NEI Authentication Server
(CNA-SP) [2] with which it is interacting, these
interactions are supported by the CDPD NEI Authentication Protocol
(CNA-P), which is an OSI application layer protocol.
When the NEI Authentication Server is part of a home MD-IS, use
of the protocol specified in this Part is not required. Use of this
protocol is only required if the home MD-IS and the Authentication
Server are in different open systems and the service provider
desires an open interface (that is compliant with this Part)
between these open systems.
Depending on the security policy of a service provider, in
addition to authentication services, none, part or all of its access
control policy can be implemented in the Authentication Server.
Although this Part focuses only on Authentication Services, it does
not preclude implementation of access control in the Authentication
Server.
[1] CNA-SU is part of the home MD-IS.
[2] CNA-SP is the Authentication Server.