Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

SIM Authentication Module Component Overview

 

The optional SIM authentication module enables Global System for Mobile Communications (GSM) and Universal Mobile Telecommunications System (UMTS) service providers to offer wireless network access to subscribers through hotspot concession operators while leveraging existing customer care, roaming, and billing infrastructures. This section describes the hardware and software components that make up the SIM authentication module.

Note

The SIM authentication module is not supported on the Red Hat Enterprise Linux 7 platform.

SIMAuth

SIMAuth

The SIM authentication module performs EAP-SIM and EAP-AKA authentication using a software module called SIMAuth. SIMAuth manages all EAP-SIM-based and EAP-AKA based authentication requests from subscribers.

  • EAP-SIM authentication is used with older SIM cards.

  • EAP-AKA authentication is used with third-generation USIM (Universal Subscriber Identity Module) cards.

SIMAuth supports user authentication based on SIM IMSI (International Mobile Subscriber Identity) values or supports anonymous authentication based on pseudonym values that are assigned after the first successful authentication.

Signalware SIGTRAN Protocol Stacks

Signalware SIGTRAN Protocol Stacks

The Signalware SIGTRAN protocol stack handles the various SS7 protocol layers to put Mobile Access Part (MAP) requests onto the SS7 network. ANSI SS7, CCITT/ITU SS7, Japanese, and Chinese networks are supported. Signalware provides SS7 signaling over IP networks.

The Signalware SIGTRAN protocol stack is used in conjunction with the SIM Authentication module to provide gateway functionality, which enables Steel-Belted Radius Carrier to pass MAP requests to the SS7 network. MAP requests are passed over the SS7 network to the Home Location Register (HLR), which is the primary subscriber database in the Global System for Mobile Communications (GSM) network. The HLR then performs a database lookup and returns the requested authentication or authorization information to Steel-Belted Radius Carrier.

MAP Gateway (authGateway) Application

MAP Gateway (authGateway) Application

The MAP gateway or authGateway application acts as a link between Steel-Belted Radius Carrier and the SS7 network. It formats and transmits MAP requests to the HLR over Signalware. The MAP gateway processes requests for authentication and authorization information. Multiple authGateway instances can be used with the GWrelay application to process multiple authentication and authorization requests at the same time.

Note

SBR Carrier supports up to 256 authGateway instances. However, we recommend that you use a maximum of 100 authGateway instances.

GWrelay Application

GWrelay Application

The GWrelay application is used to pass authentication requests between SBR Carrier and the authGateway instances in a round-robin method. The GWrelay application establishes an SCTP connection with each authGateway instance through unique source and destination ports, but does not track any EAP-SIM/AKA requests.

CDR Accounting

CDR Accounting

CDR capability manages all CDR-based subscriber accounting for the purposes of billing. CDRs are forwarded through an FTP server or other transport method to a billing application.

Note

Class attributes need to be included in accounting requests in order for CDR accounting to work properly.

Data Accessors

Data Accessors

Data accessors enable the SIM authentication module to query an external SQL database or LDAP directory server for WLAN authorization and IMSI/MSISDN lookups. Data accessors can be used to supplement or replace the interaction between the SIM authentication module and a service provider’s HLR.

You must install an Oracle 10, 11, or 12 client or JDBC (Java Database Connectivity) if you want to use the SQL data accessor.