Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
[+] Expand All
[-] Collapse All

SIM Authentication Module Component Overview

The optional SIM authentication module enables Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) service providers to offer wireless network access to subscribers through hotspot concession operators while leveraging existing customer care, roaming, and billing infrastructures. This section describes the hardware and software components that make up the SIM authentication module.

Note: The SIM authentication module is not supported on the Red Hat Enterprise Linux 7 platform.


The SIM authentication module performs EAP-SIM and EAP-AKA authentication using a software module called SIMAuth. SIMAuth manages all EAP-SIM-based and EAP-AKA based authentication requests from subscribers.

  • EAP-SIM authentication is used with older SIM cards.
  • EAP-AKA authentication is used with third-generation USIM (Universal Subscriber Identity Module) cards.

SIMAuth supports user authentication based on SIM IMSI (International Mobile Subscriber Identity) values or supports anonymous authentication based on pseudonym values that are assigned after the first successful authentication.

Ulticom Signalware SS7 and SIGTRAN Protocol Stacks

The SS7 protocol stack handles the various SS7 protocol layers to put Mobile Access Part (MAP) requests onto the SS7 network. ANSI SS7, CCITT/ITU SS7, Japanese, and Chinese networks are supported. SIGTRAN provides SS7 signaling over IP networks.

The SIGTRAN protocol stack is used in conjunction with the SIM Authentication module to provide gateway functionality, which enables Steel-Belted Radius Carrier to pass MAP requests to the SS7 network. MAP requests are passed over the SS7 network to the Home Location Register (HLR), which is the primary subscriber database in the Global System for Mobile Communications (GSM) network. The HLR then performs a database lookup and returns the requested authentication or authorization information to Steel-Belted Radius Carrier.

MAP Gateway (authGateway) Application

The MAP gateway or authGateway application acts as a link between Steel-Belted Radius Carrier and the SS7 network. It formats and transmits MAP requests to the HLR over SIGTRAN. The MAP gateway processes requests for authentication and authorization information. Multiple authGateway instances can be used with the GWrelay application to process multiple authentication and authorization requests at the same time.

Note: SBR Carrier supports up to 256 authGateway instances. However, we recommend that you use a maximum of 100 authGateway instances.

GWrelay Application

The GWrelay application is used to pass authentication requests between SBR Carrier and the authGateway instances in a round-robin method. The GWrelay application establishes an SCTP connection with each authGateway instance through unique source and destination ports, but does not track any EAP-SIM/AKA requests.

CDR Accounting

CDR capability manages all CDR-based subscriber accounting for the purposes of billing. CDRs are forwarded through an FTP server or other transport method to a billing application.

Note: Class attributes need to be included in accounting requests in order for CDR accounting to work properly.

Data Accessors

Data accessors enable the SIM authentication module to query an external SQL database or LDAP directory server for WLAN authorization and IMSI/MSISDN lookups. Data accessors can be used to supplement or replace the interaction between the SIM authentication module and a service provider’s HLR.

You must install an Oracle 10, 11, or 12 client or JDBC (Java Database Connectivity) if you want to use the SQL data accessor.

Modified: 2018-01-11