ANSI SCTE 173-3-2017 pdf download.Specification for Authentication in Preferential Telecommunications over IPCablecom2 Networks
6 Authentication in IPCablecom2
Authentication in IPCablecom2 networks is impacted by two dimensions:
• location of originating and terminating devices or VoIP user agent (UA) functionality; and
• form of identity presented by the preferential telecommunication service requester and manner by which the asserted identity is verified.
Authentication entails receiving identification and identity verification/validation information necessary, prior to authorizing completion of a preferential priority call or session. This capability should exist on the access network and it must also be propagated throughout all relevant network entities to provide, as much as possible, end-to-end preferential treatment. The manner in which end- to-end preferential treatment is provided is outside the scope of this standard.
The following four possibilities are to be considered for calls that require preferential treatment:
1) Originate from a UA at a location authorized for preferential treatment services and terminate at a UA at any general location.
2) Originate from a UA at a location authorized for preferential treatment services and terminate at a UA at a location that is authorized for preferential treatment services.
3) Originate from a UA at a general location and terminate at a UA at a location authorized for preferential treatment services.
4) Originate from a UA at a general location and terminate at a UA at any general location.
Authentication itself can be subdivided into two (or sometimes three) components: The first is receipt of identification information, which identifies the preferential service requester. The second is receipt of identification verification information that allows the network to verify the accuracy of the requester’s claimed identity when placing a preferential service call, so that the information can be propagated to all relevant entities in the network, should the call be authorized. The third component, necessary in some situations, may require validating the identity against a database of authenticated identities.
Currently, identification and authentication are combined through the use of a personal identification number (PIN) presented by the caller after dialling an access number for enabling preferential treatment. This PIN may be validated against a PIN database to determine authorized services. PIN based authentication actually authenticates the requester, not the device being used when making the request, and thus allows preferential treatment requests to be initiated from any device. Also, this approach allows calls that require preferential treatment to be originated from circuit switched telephone devices attached to private PBX systems. The PIN based authentication approach was designed specifically for per call requests. IPCablecom2-enabled infrastructures should accommodate this legacy approach along with providing other forms of identification and authentication for VoIP-based calls using the session initiation protocol (SIP).
6.1 IPCablecom2 PIN authentication of VoIP UA preferential treatment call to PSTN
SIP user agent (UA) functions have to register with the IMS call processing function of the service provider so they can place and receive SIP signalled calls regardless of call type. Figure 1 depicts a PIN authenticated preferential treatment request between a VoIP SIP UA and a device on the PSTN where the requester calls a specific telephone number associated with a preferential treatment application server function. For the registration of both the calling UA, and the called UA, and preferential treatment PIN authentication, the following basic steps occur (a number of acknowledgements and other secondary messages are not shown or addressed). Even though registration message exchanges are not specific to preferential treatment, they are included to provide the complete flowANSI SCTE 173-3-2017 pdf download