Authentication process is the critical issue on mobile broadband service. Authentication process will determine how secure the network while unauthorized user try to access the mobile broadband service. To protect the service, telecommunication provider applies some security procedure before the access the service. Authentication, Authorization and Accounting (AAA) server is the network element which is designed and implemented for that purpose on mobile internet service such as CDMA 1x, 3G, EVDO and WIMAX

PAP and CHAP

There are two type of authentication procedure which can be implemented on mobile broadband service which can be applied on PDSN or GPRS. They are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). PAP and CHAP can be implemented on the mobile broadband service but for the security purpose, telecommunication provider used use Challenge Handshake Authentication Protocol (CHAP) method due to more secure than PAP

Password Authentication Protocol (PAP) method is simple authentication where mobile broadband customer need only to send some parameter from the Mobile Station (MS) and then Authentication, Authorization and Accounting (AAA) server will identify those parameter before they allow to access the service. Meanwhile Challenge Handshake Authentication Protocol (CHAP) method process is more complicated than PAP since there will be a challenge that will be added while Mobile Station (MS) will establish the connection. Authentication, Authorization and Accounting (AAA) server will indicate the challenge which is delivered by Mobile Station (MS) to PDSN and AAA, if all parameters requires is matched than authentication process pass and vice versa

Password Authentication Protocol (PAP) method will identify some parameters which is sent by mobile telecommunication subscriber such as International Mobile Subscriber Identify (IMSI), username and password (encrypted or decrypted). Meanwhile Challenge Handshake Authentication Protocol (CHAP) method will send more parameters beside those parameters on PAP such as challenge and message ID through Message-Digest algorithm 5 (MD5) algorithms. The procedure on CHAP will guarantee that the mobile broadband service will have only authorized users only to access the service

Incoming search terms for the article:

• password authentication protocol for lte (4)
• pap mobile com (3)
• PAP CHAP GPRS (3)
• gprs authentication pap chap (3)
• lte authentication (2)
• password authentication protocol pap (MESSAGE FLOW) (2)
• lte AUTHENTICATION PROTOCOL (2)
• Authentication Method pap (2)
• pap authentication method (2)
• PAP chap GPRS flow (2)

While making a session on mobile broadband service, server will check whether the parameters sent by session from mobile broadband subscriber has meet the condition or not. AAA server will reject the session if it does not meet the condition and allowing to the next process if the authentication process is pass. The Authentication, Authorization and Accounting (AAA) call process of mobile broadband session is running on the application layer, mobile broadband subscriber did not aware about the process. Mobile broadband subscriber needs only to make a session while they want to access to internet

Authentication process on mobile broadband service requires several parameters depend on the network platform implemented by telecommunication companies to provide mobile broadband service. The parameters sent to AAA server while mobile broadband subscriber initiate sessions are

1. Username and password

AAA server already specified the unique username and password that should be sent by mobile broadband subscriber while they initiate a session. AAA server is also specifying the domain that those username and password will be classified. Authentication request from subscriber should contain the same value which already specify on the AAA server. In case username or password does not match, then AAA servers will response with authentication reject. A notification will be displayed on the mobile broadband subscriber with certainty value such as “Invalid Username and Password”

2. IMSI (International Mobile Subscriber Identity)

CDMA platform will check mobile broadband subscriber’s IMSI (International Mobile Subscriber Identity) when authentication process happens. IMSI (International Mobile Subscriber Identity) is 15 digit numbers which divided into digits of MNC (Mobile Network Code), MCC (Mobile Country Code) and MDN (Mobile Directory Number). Authentication process will check whether session from mobile broadband subscriber has valid IMSI or not. In case the IMSI is valid then will go to the next step and if the IMSI is valid the session will be terminated and AAA server will send authentication reject message

Incoming search terms for the article:

• intelligent authentication process (4)
• authentication process IN LTE (2)
• aaa server technology telecom (1)
• what is a mobile broadband authentification number (1)
• network authentication processes (1)
• network authentication process (1)
• IMSI in terms of telecom (1)
• evdo authentication process (1)
• EVDo authentication (1)
• bigpond wireless broadband invalid username or password (1)

1. Authentication Function

Before subscriber is allowed to browse to internet or download content of Value Added Service (VAS), Authentication Server will check the parameter sent by subscriber whether valid or not. The parameters that will be checked could be username and password, domain and International Mobile Station Identity (IMSI). Each subscriber whether they make a dial session through modem attached to the computer/laptop or mobile phone/handset will send certainty parameters to the PDSN before they permit to browse to internet. Authentication Server will authenticate these parameters and once it matches subscriber will be allowed to go to the next level and one or more parameters are not match than subscriber will be rejected. Authentication Server could be done by its PDSN or dedicated server. To have more authentication parameters, usually telecommunication companies will install dedicated Authentication Server. It also could be combined with the authorization and accounting functions.

2. Accounting function

Accounting is charging function. It relates to the balance deduction and how subscriber will be charged, what kind of charging mechanism will be applied. Telecommunication companies which have various charging of wireless or mobile internet service, usually will have dedicated charging gateway to create many charging policies. Actually charging function can be done by PDSN itself but it is very simple and can not adopt various charging rules. The charging rules could how duration based, volume based, hybrid charging (combination between duration and volume bases) free tariff for certainty period, free charging for mount bytes, free accessing to certainty address e.g. free for chatting at Yahoo Messenger etc. Accounting server is how they will charge the subscriber. Therefore they maintain the connection to the Intelligent Network (IN) as the telecommunication infrastructure where subscriber balance is placed. Accounting server will check the current balance for prepaid subscriber and reserve the balance before it permit to browse to internet or download some contents of Value Added Service (VAS)

Incoming search terms for the article:

• aaa authentication authorization and accounting (1)
• free AAA authentication server (1)
• what does the pdsn do (1)

PDSN process the request before subscriber reach the internet and do the necessary action to make sure that the session reach the right another telecommunication network while make a data service session. Globally, PDSN has functions as below;

1. Manage the radio-packet (RP) interface that connect to BSC

As we know that the main issue on wireless internet service is lack of Radio Frequency (RF). While subscriber is connected but do nothing (dormant time) session between subscriber, BTS and BSC will be terminated but connection between BSC to PDSN still there until subscriber browse to generate the traffic

2. Provide routing and packet management service

Session from subscriber will be routed to internet gateway so then subscriber able to browse to internet. In another case subscribers will browse to internal application service such as Value Added Service (VAS). PDSN will route the subscriber’s request to proper application service

3. Applies IP services

Each session from subscriber will be allocated a certainty IP Pool. Each session has different IP Pool. PDSN will allocate this IP Pool to each subscriber

4. Collects packet billing data

Usually charging system is done by another network element (charging gateway). PDSN will forward the charging process to the another network element

5. Authentication packet connections

At the first when the subscriber make a dial up session, PDSN will sent to authentication to AAA server to identify whether this is valid subscriber or not

The important thing related to PDSN is Authentication, Accounting and Authorization (AAA) process. Accounting is related to charging process that will be done by charging gateway. Subscriber will be charged based on policy was applied on the charging gateway to each subscriber. Authentication process is identification process to each subscriber before they are allowed to access the internet. The things that will be checked by Authentication server are account (username and password) and mobile phone number(MIN – Mobile Identification Number). Meanwhile Authorization process is the access policy to the subscriber

Incoming search terms for the article:

• function of pdsn (1)
• functions of pdsn (1)
• mobile data service telco (1)
• PDSN services in brief (1)
• pdsn technology (1)

1. Base Transceiver Station (BTS) capacity
2. Link utilization
3. International bandwidth capacity

While subscriber makes a data service on mobile broadband internet service session by dialing to the particular short code (for example #456) from their mobile phone or modem, BTS will allocate some resources for this session. Number of resources needed by data service session is bigger than voice or messaging (SMS) service. It needs around four times of voice resource. It means that if voice needs 64 kbps to make sure the calling session running well, data service (wireless or mobile broadband internet services) need 4×64 kbps. Meanwhile each BTS has limited capacity. Therefore, Telecommunication Company which has limited carrier frequency will assign first priority to voice and messaging (SMS) services rather than data service (wireless or mobile broadband internet services). There are many ways to resolve the capacity issue on the BTS side;

1. Assigning dedicated RF channel frequency for data service (wireless or mobile broadband internet services)
2. Different frequency between voice and data services (wireless or mobile broadband internet services)
3. Adding RF capacity by install more BTS

Traffic which requested by subscribers is huge internet traffic so then need high link capacity to carry out them. It different with voice and messaging (SMS) services which has certainty capacity then Telecommunication Company can predict how much link capacity to carry out this service. Meanwhile data service (wireless internet services) will has unpredictable traffic more often they will has huge traffic during peak hour. As the result, utilization link to carry out traffic from subscriber to Public Data Serving Node (PDSN) – suppose on the CDMA platform – will always getting saturated. Telecommunication Company will take some action to resolve this issue e.g.

1. Adding E1 capacity or

2. Migrate to optical network

International Bandwidth very expensive and usually Telecommunication Company will consider many times to add more bandwidth capacity. It could be that no issue found on the RF capacity and the link network but more often they will experience lack of international bandwidth capacity especially during peak hour while many subscribers trying to access internet on mobile broadband internet service

Incoming search terms for the article:

• telecom data service model failure (1)
• what is link capacity in telecommunication (1)
• what is unstable connection in telecommunication mobile (1)

Although BREW services need a less RF capacity but sometime session will also retrieve error message that could be from any network element. BREW client will generate error such as “network busy” while they are trying to access the BREW application. This error could be caused by many reasons such as lack of RF capacity; the server was down etc. this error should be identified and get a resolution immediately to reduce many complaints from subscribers

There are many ways to ensure what the root cause of this problem and how to fix it. Analyzing to all of network elements is needed as one network element connect and support to another one. One of the methods to identify the root cause of problem and fix it is by tracing the session from each network elements. BREW services on mobile internet service are running on application layer and once we ensure that no issue on the application, tracing the entire of session to produce the complete logs and analyze it is very useful.

The network elements which need to be traced to get a useful data are;

1. Base Station Controller (BSC)
2. Mobile Switching Controller (MSC)
3. Public Data Service Node (PDSN)
4. BREW server

By tracing on the BSC we will notice if user already sent the request to PDSN and get the response through A10/11 protocol. We can say that no issue found on the BTS, BSC and MSC once we confirm that the connection between BSC to PDSN is established. We can ensure it once the request from BSC was responded by PDSN. Tracing log from the PDSN will give more information whether the session is established or not and whether user retrieves the application from BREW server or not. Here also we can find why the session was disconnected and who did it. PDSN is the central processing of wireless or mobile internet service including BREW services (download content). The entire of data service process is happening in this network element. Therefore, information about the failed session we can find here; who is not responding and why they are not.

We also can do tracing the session from the BREW server to identify if the request from subscriber arrive to the server or not and if server gives a response to this request. Once we have complete information from each network elements then we can take a resolution to avoid the same case happen in the future