Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Glossary

Numerics  A  B  C  D  E  F  G  H  I  J  L  M  N  O  P  Q  R  S  T  U  V  W  

Numerics

3GPP

Third generation Partnership Project (GSM).

3GPP2

Third generation Partnership Project 2 (CDMA).

802.1X

IEEE standard 802.1X. Standard for Local and Metropolitan Area Networks-Port-Based Network Access Control. Defines a mechanism that allows a supplicant (client) to connect to a wireless access point or wired switch so that the supplicant can provide authentication credentials that can be verified by an authentication server.

A

AAA

Authentication, Authorization, and Accounting.

AC

Access Controller.

accounting

The process of recording and aggregating resource use statistics and log files for a user, connection session, or function for billing, system diagnosis, and usage planning.

ACL

Access Control List.

agent

SNMP module on a managed device that responds to requests from a management station and sends traps to one or more recipients (trap sinks) to inform administrators of potential problems.

AKA

Authentication and Key Agreement. An extension to the EAP protocol that enables authentication and session key distribution using a mechanism based on symmetric keys and usually runs on a USIM.

AP

Access Point.

APN

Access Point Name.

attribute

RADIUS attributes that carry specific authentication, authorization, and accounting messages.

AuC

Authentication Center. The network element that provides the triplets for authenticating the subscriber.

authentication

The process of verifying the identity of a device and its user. This process is accomplished through transmission of identifying data at the time of connection.

Authentication and Key Agreement

See AKA.

authentication server

A back-end server that verifies, from the credentials provided by an access client, whether the access client is authorized to use network resources.

authorization

The process of controlling the access settings, such as privileges and time limits, that the user can exercise on a protected network.

autonomous server

A Steel-Belted Radius Carrier server that does not use centralized configuration management.

AVP

Attribute Value Pair. An attribute and its corresponding value; for example, User-Name = admin.

B

balun

Balanced/unbalanced converter. A device used to match impedance between balanced and unbalanced lines, usually twisted-pair and coaxial cable.

BAOC

Barring of All Outgoing Calls.

blacklist

A profile of checklist attributes that cause Steel-Belted Radius Carrier to reject an authentication request. For example, a blacklist profile might specify calling station phone numbers or IP addresses that are blocked by Steel-Belted Radius Carrier.

BS

Base Station.

C

CA

Certificate Authority. A trusted entity that registers the digital identity of a site or individual and issues a digital certificate that guarantees the binding between the identity and the data items in a certificate.

CCB

Customer Care and Billing system.

CCM

Centralized Configuration Management. The process by which configuration information is shared between a primary RADIUS server and one or more replica RADIUS servers so that all machines operate in a similar way.

CDF

Charging Data Function.

CDR

Call Detail Record. Call transaction record created by an MSC to track the network resources used by subscribers in making and receiving calls, so that billing systems can compute charges based on usage.

certificate

A digital file signed by a CA that guarantees the binding between an identity and the contents of the certificate.

CG

Charging Gateway. Device that collects, validates, and consolidates CDRs from other network components for processing by the network billing system.

Change of Authorization

See CoA.

CHAP

Challenge Handshake Authentication Protocol. An authentication protocol where a server sends a challenge to a requestor after a link has been established. The requestor responds with a value obtained by executing a hash function. The server verifies the response by calculating its own hash value. If the two hash values match, the authentication is acknowledged.

checklist

A list of attributes that must accompany a request for connection before the connection request can be authenticated.

CoA

Change of Authorization. Refers to RADIUS Change of Authorization, which is the dynamic change of the state of a previously authorized session by use of a RADIUS request sent towards the access equipment.

community

A group of devices and management stations running SNMP. An SNMP device or agent may belong to more than one SNMP community.

community string

Character string included in SNMP messages to identify valid sources for SNMP requests and to limit access to authorized devices. The read community string allows an SNMP management station to issue Get and GetNext messages. The write community string allows an SNMP management station to issue Set messages.

credentials

Data that is verified when presented to an authenticator, such as a password or a digital certificate.

CRL

Certificate Revocation List. A data structure that identifies the digital certificates that have been invalidated by the certificates’ issuing CA before their expiration date.

CSCF

Call Session Control Function.

D

daemon

A program on a UNIX or Linux host that runs continuously to handle service requests.

DHCP

Dynamic Host Configuration Protocol. Protocol by which a server automatically assigns (leases) a network address and other configuration settings to a client temporarily or permanently.

dictionary

Text file that maps the attribute/value pairs supported by third-party RADIUS vendors.

Disconnect Message

See DM.

DM

Disconnect Message. Refers to RADIUS Disconnect, which is the dynamic termination of a previously authorized session by use of a RADIUS request sent towards the access equipment.

DNIS

Dialed Number Identification Service. A telephone service that identifies what number was dialed by a caller.

DNS

Domain Name Service. Internet protocol for mapping hostnames, domain names, and aliases to IP addresses.

E

EAP

Extensible Authentication Protocol. An industry-standard authentication protocol for network access that acts as a transport for multiple authentication methods or types. Defined by RFC 2284. The base protocol used for a variety of authentication methods with Radius and 802.1X.

EAP-AKA

EAP method that allows authentication with a mobile subscriber USIM card.

EAP-SIM

EAP method that allows authentication with a mobile subscriber SIM card.

EAP-TLS

Authentication method that uses EAP (Extensible Authentication Protocol) and TLS (Transport Layer Security).

EAP-TTLS

Authentication method that uses EAP (Extensible Authentication Protocol) and TTLS (Tunneled Transport Layer Security).

Extensible Authentication Protocol

See EAP.

F

FMC

Fixed/Mobile Convergence.

FQDN

Fully Qualified Domain Name.

FTP

File Transfer Protocol.

function

(Specific to IMS) Any one of the identified (and named) separable components of the IMS, which communicates with other functions exclusively using reference points.

G

General Packet Radio Service

See GPRS.

GGSN

Gateway GPRS Support Node.

Global System for Mobile Communications

See GSM.

GPRS

General Packet Radio Service. Packet-based wireless communication service for wireless phones and mobile computer users.

GSM

Global System for Mobile Communications. A mobile telephone system that uses a SIM for subscriber identification.

GUI

Graphical User Interface.

H

HA

Home Agent. Maintains connection information about the mobile station (MS) and manages a persistent IP connection on the network for the MS. (In the SBR/HA 5.5 release, HA meant “High Availability,” but that term has been deprecated in favor of Session State Register, or SSR.)

HAAA

Home Authentication, Authorization and Accounting server. AAA server on the subscribers home network.

HLR

Home Location Register. Contains the primary subscriber database in a GSM network using SIM or USIM credentials.

home agent

See HA.

Home PLMN

See HPLMN.

Home Subscriber Server

See HSS.

Home WLAN

A WLAN that interworks with the HPLMN without using a VPLMN.

hotspot

A WLAN Access Point offering network connectivity to the public.

HPLMN

Home Public Land Mobile Network. The mobile network that has a billing relationship with the mobile subscriber, and usually the one that authenticates the user and authorizes access.

HSS

Home Subscriber Server. The IMS function that contains the primary subscriber database in IMS networks that satisfy Release 6 of the IMS reference (IMS R6).

I

identity protection

Prevention of an eavesdropper from discovering the identity of a user being authenticated.

IMS

IP Multimedia Subsystem. An IP multimedia and telephony core network that is defined by 3GPP and 3GPP2 standards and organizations based on IETF Internet protocols. IMS is access independent as it supports IP to IP sessions over wireline IP, 802.11, and 802.15 packet data along with GSM/EDGE/UMTS and other packet data applications. IMS is a standard reference architecture that consists of session control, connection control, and an applications services framework along with subscriber and services data.

IMSI

International Mobile Subscriber Identity. A unique subscriber identifier consisting of a three-digit Mobile Country Code (MCC), a two- or three-digit Mobile Network Code (MNC), and 10-digits-or-fewer Mobile Subscriber Identification Number (MSIN).

International Mobile Subscriber Identity

See IMSI.

IP

Internet Protocol.

IP Multimedia Subsystem

See IMS.

IPv4

Implementation of the TCP/IP suite that uses a 32-bit addressing structure.

IPv6

Implementation of the TCP/IP suite that uses a 128-bit addressing structure.

ISP

Internet Service Provider.

J

JavaScript

Programming language designed for use in distributed environments such as the Internet.

JDBC

Java Database Connectivity. Application programming interface for accessing a database from programs written in Java.

L

LCI

LDAP configuration interface.

LDAP

Light-weight directory access protocol. An IETF standard protocol for updating and searching directories over TCP/IP networks.

LDIF

LDAP Data Interchange Format. The format used to represent directory server entries in text form.

M

managed device

A device that runs an SNMP agent.

management station

Host that monitors and controls managed devices running SNMP agents.

MAP

Mobile Access Part. The SS7 protocol standard that addresses registration of roaming users and the intersystem handoff procedure in wireless mobile telephony.

MCC

Mobile Country Code. The MCC, together with the MNC, uniquely identify an operator and help identify the authentication center from which subscriber information should be retrieved.

MGW

Media Gateway.

MIB

Management Information Base. A database of objects, such as alarm status or statistics counters, that can be monitored or overwritten by an SNMP management station.

MNC

Mobile Network Code. The MNC, together with the MCC, uniquely identify an operator and help identify the authentication center from which to retrieve subscriber information.

Mobile Application Part

See MAP.

Mobile Country Code

See MCC.

Mobile Network Code

SeeMNC.

Mobile Services Switching Center

See MSSC.

 

Mobile Station

See MS.

Mobile Subscriber ISDN

See MSISDN.

MPPE

Microsoft Point-to-Point Encryption. A means of representing point-to-point packets in an RC4 encrypted format. Defined in RFC 3078.

MS

Mobile Station. Device used to attach to a mobile network.

MS-CHAP

Microsoft CHAP. Proprietary version of CHAP.

MSC

Mobile Services Switching Center. Responsible for connecting calls together by switching packets from one network path to another. MSCs also provide information to support mobile service subscribers, including user registration, authentication, and location updating.

MSISDN

Mobile Subscriber ISDN. Telephone number of the mobile user, which conforms to the dialed number formats in the subscriber’s country.

MTP

Message Transfer Part.

N

NAD

Network Access Device. Network device that accepts connection requests from remote users, authenticates users via RADIUS, and routes users onto the network.

NAI

Network Access Identifier.

NAT

Network Address Translation.

native user

A user authenticated by Steel-Belted Radius Carrier using its internal authentication database.

network element

An addressable node or cluster of nodes in an IMS network, which may host any number of IMS functions.

NGN

Next Generation Network.

NIC

Network Interface Card.

node

A node is a logical element of a Session State Register cluster, which includes SBR Carrier nodes, management nodes, and data nodes.

nonce

Random value included in data exchanges to guarantee uniqueness and protect against replay attacks.

NSP

Network Service Provider.

numbering plan

Interpretation of the digits of an IMSI.

O

ODB

Operator-Determined Barring. An HLR authorization of service designation that specifies that a subscriber is barred from service.

offline charging

Mechanism for collecting and forwarding charging information concerning I-WLAN and core network resource usage without affecting the service rendered in real-time.

P

PAP

Password Authentication Protocol. An authentication protocol where a requestor sends an identifier and password to a server after a link has been established. If the identifier and password match an entry in the server’s database, the authentication is acknowledged.

PDA

Personal Digital Assistant.

PDSN

Packet Data Serving Node. The attachment point between the RADIUS network and the IP network. May also be known as the foreign agent (FA) when Mobile IP is used.

PEAP

Protected Extensible Authentication Protocol. A two-phase authentication protocol where (1) an authentication server is authenticated to a supplicant using a digital certificate and a secure channel is established; and (2) the supplicant is authenticated to the authentication server via the secure channel.

permanent identity

The permanent identifier of a peer, including an NAI realm portion in environments where a realm is used. The permanent identity is usually based on the IMSI. Used on full authentication only.

PLMN

Public Land Mobile Network. Refers to a mobile network.

point code

The unique identifier for each node in an SS7 network.

PPP

Point-to-Point Protocol. Network protocol defined in RFC 1661 that provides a standard method for transporting multiprotocol datagrams over point-to-point links.

provisioning

A process, possibly requiring multiple steps, that enables customers to obtain services.

proxy RADIUS

Process of authenticating users whose profiles are on other RADIUS servers by forwarding access-request packets received from a RADIUS client to a remote RADIUS server (the proxy target), and then forwarding the response from the remote server back to the RADIUS client.

proxy target

The remote RADIUS server that actually performs authentication in a proxy RADIUS sequence.

pseudonym identity

A pseudonym identifier of a peer, including a NAI realm portion in environments where a realm is used. Used on full authentication only.

Public Land Mobile Network

See PLMN.

Q

quintets

The authentication data formed by the UMTS values: RAND (random number), XRES (expected response), CK (cipher key), IK (integrity key), and AUTN (authentication).

R

RADIUS

Remote Authentication Dial-In User Service. A client/server security administration standard that functions as an information clearinghouse, storing authentication information about users and administering multiple security systems across complex networks.

reauthentication identity

The reauthentication identifier for a peer, including a NAI realm portion in environments where a realm is used. Used on reauthentication only.

Remote Access Dial-In User Service

See RADIUS.

return list

A list of attributes that Steel-Belted Radius Carrier must return to a RADIUS client after authentication of a user succeeds. The return list usually provides additional parameters that the RADIUS client needs to complete the connection.

roaming

The ability to move from one Access Point coverage area to another without interruption of service or loss of connectivity.

S

SBC

Session Border Controller.

SBR

Steel-Belted Radius, the product family that includes Steel-Belted Radius Carrier.

server

In a Session State Register cluster, a computer that hosts one or more nodes.

service authorization

Authorization allowing a subscriber to access the requested service based on subscription.

session ID

Session Identifier. A string of characters uniquely identifying the session.

Session State Register

See SSR.

SHA-1

Secure Hash Algorithm-1. A one-way cryptographic function that takes a message of any length and produces a 160-bit message digest.

Signaling System 7

See SS7.

Signalware

The Ulticom SS7 protocol stack provided with Steel-Belted Radius Carrier.

silent discard

The process of discarding a packet without further processing and without notification to the sender.

SIM

Subscriber Identity Module.

SIM card

A SIM-based hardware SmartCard that contains the authentication keys for a GSM mobile telephone subscriber.

SIP

Session Initiation Protocol.

SmartCard

A small card containing a computer chip that can store information, including authentication information and algorithms.

SNMP

Simple Network Management Protocol.

SS7

Signaling System 7. The network and protocols used to provide out-of-band signaling (control) for telephone services to support call establishment, billing, routing, and information exchange for the public switched telephone network.

SSID

Service Set Identifier.

SSL

Secure Sockets Layer. Program layer that manages the security of messages on a network.

SSR

Session State Register, an optional module for Steel-Belted Radius Carrier that implements a multi-computer cluster to support shared databases that multiple SBR Carrier servers can access to ensure that a single set of data is used for all transactions and to implement a high-availability environment.

STP

Signaling Transfer Point.

supplicant

The client in an 802.1X-authenticated network.

T

TISPAN

Telecoms & Internet converged Services & Protocols for Advanced Networks (standardization body of ETSI).

TLS

Transport Layer Security.

TLV

Type-Length-Value. A synonym for AVP; named because the raw encoding of such a value is a type field (for example, 1 for User-Name) followed by a length value (for example, 6) followed by the value of the attribute (for example, test).

trap

An SNMP message that reports a significant event, such as a problem, error, or change in state, that occurred within a managed device.

trap sink

The destination for trap messages sent by an SNMP agent on a managed device.

TS

Teleservice. HLR authorization of service designation.

TTLS

Tunneled Transport Layer Security.

U

UE

User Equipment.

UICC

Universal Integrated Circuit Card. The chip card used in mobile terminals in GSM and UMTS networks. The UICC ensures the integrity and security of all kinds of personal data, and typically holds a few hundred kilobytes.

UMA

Unlicensed Mobile Access.

UMTS

Universal Mobile Telecommunications System. Type of mobile network (next generation after GSM) that uses the USIM card for authentication.

Universal Mobile Telecommunications System

See UMTS.

user database

A database where a RADIUS server keeps information about users, such as authentication information and network access permissions.

user identifier

Identifier of a user that may be used, for example, in charging functionality for billing purposes.

user profile

A record in the user database that describes how to configure a particular user or class of users during authentication and authorization.

USIM

UMTS Subscriber Identity Module.

USIM card

A SIM-based hardware SmartCard that contains the authentication keys for a 3G mobile telephone subscriber.

V

VAAA

Visited Authentication, Authorization and Accounting server. AAA server on the visited access network, responsible for routing authentication and accounting requests to home network.

Visited PLMN

See VPLMN.

VLAN

Virtual Local Area Network.

VLR

Visitors Location Register.

VoIP

Voice over IP.

VPLMN

Visited Public Land Mobile Network. The mobile network that is providing connectivity to a roaming user.

VPN

Virtual Private Network.

VSA

Vendor-Specific Attributes. Usually refers to a vendor-specific attribute and its associated value. VSA may be used to indicate a vendor-specific attribute or vendor-specific AVP. In RADIUS, VSAs are special attributes that contain an IANA-assigned enterprise code followed by TLVs (Type Length Value) that can be defined by the vendor who owns the enterprise code. As a result, vendors can define their own RADIUS VSAs without fear of colliding with another vendor’s VSA assignments.

W

W-CDMA

Wideband Code Division Multiple Access.

W-CDR

Wireless LAN type of CDR.

WEP

Wired Equivalent Privacy. An encryption method designed to encrypt traffic between a WLAN client and an access point.

Wi-Fi

Wireless local area network that uses the IEEE 802.11a, b, or g radio protocols.

WiMAX

Worldwide Interoperability for Microwave Access.

WISP

Wireless Internet Service Provider.

WLAN

Wireless Local Area Network.

 

 

 

Modified: 2017-03-07