Generic Bootstrapping Architecture

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 193.49.124.107 (talk) at 11:50, 4 August 2008. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Generic Bootstrapping Architecture (GBA) is a technology that enables the authentication of a user. This authentication is possible if the user owns a valid identity on a Home Location Register (HLR) or a Home Subscriber Server (HSS).

GBA is standardized by the 3GPP (http://www.3gpp.org/ftp/Specs/html-info/33220.htm). User authentication is based on a shared secret: one copy is held in the smartcard inside the mobile phone and the other is on the HLR/HSS.

GBA authenticates by having a network component challenge the SIM card and verify that the answer matches the one predicted by the HLR/HSS.

Instead of asking the service provider to trust the BSF (Bootstrapping Server Function) and rely on it for every authentication request, the BSF establishes a shared secret between the SIM card and the service provider. This shared secret is limited in time and valid only for a specific domain.

This solution has some of the strong points of certificates and shared secrets without some of their weaknesses:

- A very strong point is that there is no need for secure deployment of keys.

- Another advantage is the ease with which the authentication method may be integrated into terminals and service providers, as it is based on HTTP's well-known "Digest access authentication".

- On the service provider side, all that is needed is a small library named NAF.
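
The flow described above (a network component challenges the SIM card, checks the answer against the one predicted by the HLR/HSS, then gives the service provider a secret limited in time and to one domain), as an added Python example that is not part of the original article or of the 3GPP specification. HMAC-SHA-256 stands in for the real 3GPP authentication and key-derivation functions, and all class, method and label names are assumptions made for illustration.

```python
import hashlib, hmac, os

def prf(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA-256 over length-prefixed parts: an assumed stand-in for the
    # 3GPP authentication and key-derivation functions, not the real ones.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def service_key(ks: bytes, domain: str) -> bytes:
    # Key bound to one service-provider domain.
    return prf(ks, b"service", domain.encode())

class SimCard:
    def __init__(self, k: bytes):
        self._k = k  # long-term secret, never sent anywhere
    def respond(self, rand: bytes):
        # Returns (answer to the challenge, session secret Ks).
        return prf(self._k, b"res", rand), prf(self._k, b"ks", rand)

class Hss:
    def __init__(self, subscribers: dict):
        self._subs = subscribers  # user -> other copy of K
    def predict(self, user: str):
        rand = os.urandom(16)
        k = self._subs[user]
        return rand, prf(k, b"res", rand), prf(k, b"ks", rand)

class Bsf:
    def __init__(self, hss: Hss, lifetime_s: int = 3600):
        self.hss, self.lifetime_s = hss, lifetime_s
        self.pending, self.sessions = {}, {}
    def challenge(self, user: str) -> bytes:
        rand, expected, ks = self.hss.predict(user)
        self.pending[user] = (expected, ks)
        return rand
    def verify(self, user: str, answer: bytes, now: float):
        expected, ks = self.pending.pop(user)  # one attempt per challenge
        if not hmac.compare_digest(answer, expected):
            return None
        session_id = os.urandom(8).hex()
        self.sessions[session_id] = (ks, now + self.lifetime_s)
        return session_id
    def key_for(self, session_id: str, domain: str, now: float) -> bytes:
        # Called by the service provider; it gets a domain key, never K or Ks.
        ks, expires = self.sessions[session_id]
        if now >= expires:
            del self.sessions[session_id]
            raise PermissionError("bootstrapped secret expired")
        return service_key(ks, domain)
```

The terminal computes `service_key(ks, domain)` from the `ks` returned by `respond()`, so both ends hold the same key without it ever crossing the network.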