
Generic Bootstrapping Architecture

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by JPLeRouzic (talk | contribs) at 08:31, 27 November 2007 (Created page with 'GBA is one technology enabling to authenticate a user. This authentication is possible if the user owns a valid identity to an HLR/HSS. The user authentication is ...'). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Generic Bootstrapping Architecture (GBA) is a technology that enables the authentication of a user. This authentication is possible if the user owns a valid identity on an HLR/HSS.

User authentication is based on a shared secret: one copy is in the smart card inside the mobile phone and the other is on the HLR/HSS.

GBA authenticates by having a network component challenge the SIM card and verifying that the answer is similar to the one predicted by the HLR/HSS.

Instead of asking the service provider to trust the BSF and to rely on it at every authentication request, the BSF establishes a shared secret between the SIM card and the service provider. This shared secret is limited in time and to a domain.

This solution has some of the strong points of certificates and shared secrets without some of their weaknesses. A very strong point is that there is no need for secure deployment of keys. Other advantages include the ease of integrating this authentication method in terminals and service providers, as it is based on the well-known HTTP "Digest Authentication". On the service provider side, all that is needed is a small library named NAF.
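An added sketch (not from the article or from the 3GPP specifications) of the flow described above: the BSF challenges the card, checks the answer against the one predicted from the HLR/HSS copy of the secret, then derives a key that is limited in time and bound to one domain. HMAC-SHA-256, the `Sim` and `Bsf` classes, the derivation labels and the `.example` domains are assumptions chosen for illustration, standing in for the real SIM and network algorithms.

```python
import hashlib
import hmac
import os
import time

# HMAC-SHA-256 is a stand-in (assumption) for the SIM/HSS and key-derivation algorithms.
def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


class Sim:
    """Smart card side: holds one copy of the long-term shared secret."""
    def __init__(self, secret: bytes):
        self._k = secret

    def answer(self, rand: bytes) -> bytes:
        return prf(self._k, b"res", rand)

    def service_key(self, rand: bytes, domain: str) -> bytes:
        return prf(prf(self._k, b"ks", rand), b"naf", domain.encode())


class Bsf:
    """Hypothetical BSF; hss_secret models the copy of the secret held by the HLR/HSS."""
    def __init__(self, hss_secret: bytes, lifetime_s: int = 3600):
        self._k, self.lifetime_s = hss_secret, lifetime_s
        self.pending, self.sessions = set(), {}

    def challenge(self) -> bytes:
        rand = os.urandom(16)
        self.pending.add(rand)  # remember it so each challenge is accepted only once
        return rand

    def verify(self, rand: bytes, answer: bytes, now: float = None):
        if rand not in self.pending:
            return None  # unknown or already used challenge
        self.pending.discard(rand)
        expected = prf(self._k, b"res", rand)  # answer predicted by the HLR/HSS
        if not hmac.compare_digest(expected, answer):
            return None  # card does not hold the same secret
        now = time.time() if now is None else now
        sid = os.urandom(8).hex()
        self.sessions[sid] = (prf(self._k, b"ks", rand), now + self.lifetime_s)
        return sid

    def key_for(self, sid: str, domain: str, now: float = None):
        """Key handed to the service provider for this domain, or None if expired."""
        now = time.time() if now is None else now
        ks, expiry = self.sessions.get(sid, (None, 0.0))
        return None if ks is None or now >= expiry else prf(ks, b"naf", domain.encode())
```

The long-term secret never leaves the card or the `Bsf` object; the service provider only ever receives the per-domain key returned by `key_for`.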