From: Pekka Pessi
The authentication mechanisms include SIM authentication (basic A8
authentication used with GSM), AKA authentication and UICC-based GBA
authentication.
The SIM and AKA can be used to implement EAP and GBA authentication
algorithms.
The interface can be applied to both SIM/USIM and ISIMs.
---
doc/sim-authentication-api.txt | 186
1 files changed, 186 insertions(+), 0 deletions(-)
create mode 100644 doc/sim-authentication-api.txt
diff --git a/doc/sim-authentication-api.txt b/doc/sim-authentication-api.txt
new file mode 100644
index 000..97f4fac
--- /dev/null
+++ b/doc/sim-authentication-api.txt
@@ -0,0 +1,186 @@
+SimAuthentication hierarchy
+===
+
+Serviceorg.ofono
+Interface org.ofono.SimAuthentication
+Object path[variable prefix]/{modem0,modem1,...} for SIM/USIM
+ [variable prefix]/{modem0,modem1,...}/{isim01,...} for
ISIM
+
+Methodsdict GetProperties()
+
+ Returns all properties for this object. See the
+ properties section for available properties.
+
+ Possible Errors: [service].Error.InvalidArguments
+
+ dict Authenticate(string suite, dict input)
+
+ Executes the requested authentication suite.
+ The input and returned result depend on the
+ authentication suite.
+
+ See the suite sections for input and results for
+ each suite.
+
+ Possible Errors: [service].Error.InvalidArguments
+[service].Error.NotImplemented
+
+Properties array{string} Suites [readonly]
+
+ Contains the list of supported authentication
+ suites and applications. The possible values are:
+
+ "SIM" - SIM authentication
+ "AKA" - AKA authentication
+ "GBA_U" - UICC-based GBA authentication
+
+ string IPMultimediaPrivateIdentity [readonly, optional]
+
+ GBA identity read from ISIM or derived from IMSI.
+
+ string BootstrappingServerFunctionAddress [readonly, optional]
+
+ FQDN read from ISIM or derived from IMSI,
+ used with GBA.
+
+ string TMPI [readonly, optional]
+
+ Temporary identity used in GBA bootstrapping.
+
+ string BTID [readonly, optional]
+
+ Unique identity obtained from BSF server.
+
+SIM Authentication Suite
+
+
+ SIM authentication can be used to implement EAP SIM or
+ GBA_ME authentication.
+
+ In case of successful SIM authentication the returned
+ dictionary contains following items:
+
+ byte{array} "SRES" - SRES parameter
+
+ byte{array} "Kc" - Kc ciphering key
+
+ The SRES parameter is a 4-byte array.
+ The Kc parameter is a 8-byte array.
+
+AKA Authentication Suite
+
+
+ AKA authentication can be used to implement EAP AKA, AKA
+ digest or GBA_ME authentication.
+
+ The input dictionary must contain following input
+ parameters:
+
+ byte{array} "RAND" - RAND parameter
+
+ byte{array} "AUTN" - AUTN parameter
+
+ In case of successful AKA authentication the returned
+ dictionary contains following items:
+
+ byte{array} "RES" - AKA RES parameter
+
+ byte{array} "CK" - AKA Ciphering key
+
+ byte{array} "IK" - AKA Integrity key
+
+ AKA is a mutual authentication algorithm: terminal and
+ network authenticate each other. In case the terminal
+ rejects the AUTN from network, the returned dictionary
+ contain following item:
+
+ byte{array} "AUTS" - AKA AUTS parameter
+
+ All the AKA parameters and keys are 16-byte arrays.
+
+UICC-based GBA Authentication Suite
+---
+
+ GBA is used to establish a unique identity and a shared
+ secret between SIM card and a network service.
+
+ The GBA_ME variant where the Ks key is stored outside
+ SIM card can be implemented using ordinary SIM or AKA
+ authentication.
+
+ The UICC-based GBA variant, GBA_U, keeps the Ks key
+ stored on the SIM card (UICC) and lets the SIM card
+ calculate the NAF keys.
+
+ For further reference on GBA, see 3GPP TS 33.220
+ and 3GPP TS 24.109.
+
+
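Review bot: the "SIM Authentication Suite" section lists only the returned "SRES" and "Kc" items and never says what the input dict passed to Authenticate() must contain, whereas the AKA section names "RAND" and "AUTN" as required input. Add the matching input list for the SIM suite, with the expected array length, so callers know which inputs produce [service].Error.InvalidArguments. The suite sections also write the type as byte{array} while the Suites property uses array{string}; array{byte} would be consistent. Since Authenticate() returns key material (Kc, CK, IK) in its reply dictionary, the document should state which D-Bus callers are permitted to invoke it, and the "Possible Errors" list should include an error for a caller that is not.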