Monday, July 8, 2019

WIMAX Authentication, Authorization, and Accounting (AAA)


AAA refers to a framework based on the IETF protocols Remote Authentication Dial-in User Service (RADIUS) or Diameter, which specify the procedures for authentication, authorization, and accounting associated with the user terminal’s subscribed services across different access technologies. As an example, AAA includes mechanisms for secure exchange and distribution of authentication credentials and session keys for data encryption. The AAA protocols provide the following services:

• Authentication including device, user, or combined device and user authentication; 

• Authorization including delivery of information to configure the session for access, mobility, QoS, and other applications; 

• Accounting including delivery of billing information and other information that can be used to audit session activity by both the H-NSP and V-NSP. 

The AAA framework supports global roaming across operator networks, including support for reuse of credentials and consistent use of authorization and accounting. It further supports roaming between H-NSP and V-NSP. The AAA framework is based on the use of RADIUS or Diameter in the ASN and CSN. The AAA framework accommodates both Mobile IPv4 and Mobile IPv6 Security Association (SA) management. It further accommodates various network operation scenarios from fixed to full mobility. The AAA framework provides support for deploying MS authorization, user and mutual authentication between MS and the NSP, based on Privacy Key Management (PKMv2). In order to ensure interoperability, the AAA framework supports Extensible Authentication Protocol (EAP)-based authentication mechanisms that include passwords, Subscriber Identity Module, Universal Subscriber Identity Module, Universal Integrated Circuit Card, Removable User Identity Module, and X.509 digital certificates. The AAA framework is capable of providing the V-CSN or ASN with a temporary identifier that represents the user without revealing the user’s identity.

The NAP may deploy an AAA proxy between two NASs in the ASN and the AAA in the CSN in order to provide security and enhanced manageability. The AAA proxy will also allow the NAP to regulate the AAA attributes received from the visited CSN, and to add additional AAA attributes that may be required by the NASs in the ASN. Note that the CSN hosts the AAA server, whereas the ASN hosts one or more NASs. The PKMv2 protocol is used to perform over-the-air user authentication. PKMv2 transfers EAP messages over the R1 reference point (i.e., the IEEE 802.16-2009 air interface or its evolution) between the MS and the BS in the ASN.
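
The attribute regulation an AAA proxy performs, sketched for RADIUS as an added example (not code from the original post or from any WiMAX product): it drops attribute types outside an allowlist, appends the NAP's own attributes, then recomputes the Message-Authenticator (RFC 3579) and Response Authenticator (RFC 2865) so the NAS accepts the modified reply. The allowlist, the shared secret, the sample packet and the function names are assumptions made for illustration, and the reply is assumed to have already been verified with the CSN-side shared secret.

```python
import hashlib, hmac, struct

# Hypothetical NAP policy: attribute types accepted from the visited CSN.
# 1 User-Name, 25 Class, 27 Session-Timeout, 79 EAP-Message, 80 Message-Authenticator
ALLOWED = {1, 25, 27, 79, 80}
MSG_AUTH = 80

def parse_attrs(buf):
    """Split a RADIUS attribute area into (type, value) pairs (RFC 2865 TLVs)."""
    attrs, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs.append((buf[i], buf[i + 2:i + buf[i + 1]]))
        i += buf[i + 1]
    return attrs

def encode_attrs(attrs):
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def regulate(reply, request_auth, nas_secret, extra=()):
    """Filter a CSN reply, append NAP attributes, re-sign it for the NAS."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if not 20 <= length <= len(reply):
        raise ValueError("bad RADIUS length field")
    attrs = [a for a in parse_attrs(reply[20:length]) if a[0] in ALLOWED]
    attrs += list(extra)
    # Message-Authenticator is computed with its own value zeroed (RFC 3579).
    attrs = [(t, bytes(16) if t == MSG_AUTH else v) for t, v in attrs]
    body = encode_attrs(attrs)
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    if any(t == MSG_AUTH for t, _ in attrs):
        mac = hmac.new(nas_secret, hdr + request_auth + body, hashlib.md5).digest()
        body = encode_attrs([(t, mac if t == MSG_AUTH else v) for t, v in attrs])
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    return hdr + hashlib.md5(hdr + request_auth + body + nas_secret).digest() + body

# Constructed sample: Access-Accept (code 2) with a pseudonym User-Name, an
# unexpected Vendor-Specific attribute (26) and a placeholder Message-Authenticator.
SAMPLE_ATTRS = encode_attrs([(1, b"anon@visited.example"),
                             (26, b"\x00\x00\x00\x00\x01\x03x"),
                             (MSG_AUTH, bytes(16))])
SAMPLE_REPLY = struct.pack("!BBH", 2, 7, 20 + len(SAMPLE_ATTRS)) + bytes(16) + SAMPLE_ATTRS

if __name__ == "__main__":
    out = regulate(SAMPLE_REPLY, bytes(range(16)), b"nas-secret",
                   extra=[(27, struct.pack("!I", 3600))])
    print([t for t, _ in parse_attrs(out[20:])])
```

A deny-by-default allowlist keeps attributes the NAP has not reviewed from reaching the NAS, and re-signing with the NAS-side secret is what lets the NAS still detect tampering on the proxy-to-NAS hop.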

