The problem with many VoIP implementations today is that authentication is optional,
and implementation specific. This results in many service providers not challenging
subscribers??™ devices when they access the network for credentials. Of course, since
many operators never implement authentication in their networks as policy, there
never are any credentials to share.
The concept of credentials is simple. The operator establishes a set of keys that are
used to create credentials that are known only to the operator. These keys are embedded
into the subscriber device purchased by the subscriber. To support allowing subscribers
to purchase their equipment from anyplace, the credentials are stored on a
small Universal Integrated Circuit Card (UICC) as an application. This UICC is then
inserted into the subscriber device.
The UICC is another GSM concept that has worked very well for wireless operators.
In the U.S., this concept is not implemented as well, because operators want control
over which devices their subscribers use in their networks. In other words, they only
144 Chapter 6
want devices they sell to be used in their networks. For this reason, the UICC and SIM
applications on those UICCs are locked, preventing subscribers from inserting them
into other phones and using them.
In networks outside of the U.S., the UICC can be inserted into any device and used
on the network.
Pages:
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299