The following information is stored in the ISIM:
– Private user identity
– At least one public user identity
– Home network domain
– Authentication key
– Ciphering algorithm
– Sequence number checking (SQN)
Authentication also applies for the subscriber. The same authentication keys that are
shared between the network and the subscriber device allow the device to authenticate
the network when a request (or even a response) is sent to the device. This provides
another level of assurance that is not available today, preventing subscribers from responding
to requests sent by rogue networks.
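The device-side check described above, as an added example that is not from the book: the ISIM verifies a MAC computed with the shared key and checks the SQN for freshness before it answers. HMAC-SHA256 stands in for the operator's authentication functions, and the simplified AUTN layout (SQN followed by MAC), the `Isim` class, the function names and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SQN_LEN = 6   # 48-bit sequence number
MAC_LEN = 8   # truncated MAC length (assumption for this sketch)

def _f(key, label, *parts):
    """Stand-in keyed function (HMAC-SHA256), not a real ISIM algorithm."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def network_challenge(key, sqn, rand=None):
    """Network side: return (RAND, AUTN) with AUTN = SQN || MAC (simplified)."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(SQN_LEN, "big")
    return rand, sqn_b + _f(key, b"f1", sqn_b, rand)[:MAC_LEN]

class Isim:
    """Hypothetical model of the ISIM state used to authenticate the network."""
    def __init__(self, key, highest_sqn=0):
        self.key = key
        self.highest_sqn = highest_sqn   # highest SQN accepted so far

    def authenticate_network(self, rand, autn):
        """Return (status, RES); RES is produced only for a genuine, fresh challenge."""
        if len(autn) != SQN_LEN + MAC_LEN:
            return "malformed", None
        sqn_b, mac = autn[:SQN_LEN], autn[SQN_LEN:]
        expected = _f(self.key, b"f1", sqn_b, rand)[:MAC_LEN]
        if not hmac.compare_digest(mac, expected):
            return "mac_failure", None    # sender does not hold the shared key
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.highest_sqn:
            return "sync_failure", None   # stale or replayed challenge
        self.highest_sqn = sqn
        return "ok", _f(self.key, b"f2", rand)[:MAC_LEN]

def demo():
    key = bytes(range(16))                        # constructed sample key
    isim = Isim(key)
    rand, autn = network_challenge(key, sqn=1)
    genuine = isim.authenticate_network(rand, autn)[0]
    replay = isim.authenticate_network(rand, autn)[0]   # same challenge again
    r2, a2 = network_challenge(b"\x00" * 16, sqn=2)     # sender lacks the key
    rogue = isim.authenticate_network(r2, a2)[0]
    return genuine, replay, rogue

if __name__ == "__main__":
    print(demo())
```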
Authorization
Authorization determines which services a subscriber is allowed to access,
as well as which networks the subscriber is allowed to visit. This information is stored in the
HSS assigned to each subscriber. The service authorization is part of the subscriber's
service profile. This means that a subscriber who has multiple public identities may
have several service profiles (one for each of his or her public identities), entitling that
subscriber to different types of services.
Remember from our discussion of identities that a subscriber may have one identity
for their PDA and another identity for their cell phone. Each of these may have a
different set of permissions depending on its usage. My work cell phone, as an example,
can be used for instant messaging, e-mail, and voice calls.