SafeNet, The Foundation of Information Security
 
 
GBA Mobile Authentication Solution

BSF/GBA Mobile Authentication Solutions

Flexible, Reliable, SIM-based Mobile Device Authentication

Next-generation mobile applications such as mobile TV, mobile payments, and IP Multimedia Subsystem (IMS) present an extremely promising means for mobile operators and service providers competing in a mature market to increase the average revenue per subscriber and improve customer retention. Flexible licensing, rights management, and device authentication solutions are all critical to the successful implementation of these feature-rich applications.

When deploying mobile TV, mobile payments, IMS, and other services, it is important for mobile operators to ensure subscriber ownership while minimizing deployment time and cost. SafeBSF is a flexible, carrier-grade Generic Bootstrapping Architecture (GBA) solution for authentication of user equipment. GBA, as defined by 3GPP, mutually authenticates the SIM card and the operator network during service access initiation. The derived keys are then used to protect Service Encryption Keys (SEKs) so that they can only be accessed by the authenticated device.

SafeBSF seamlessly integrates with multiple Network Application Functions (NAFs) and with an operator’s existing Home Location Register (HLR). SafeBSF complements SafeNet’s DRM Fusion Toolkit4TV, the leading software-based security solution for mobile TV. DRM Fusion Toolkit4TV is the first of its kind to incorporate MBMS Security and the OMA BCAST Smartcard Profile solutions, the emerging open standards for mobile TV protection. Although SafeBSF is pre-integrated for Mobile TV, it also supports IMS and other operator applications.

SafeBSF components include a Bootstrapping Server Function (BSF), an HSS/HLR proxy, and a Zn proxy.

A full GBA Implementation for Mobile TV, IMS, and beyond

SafeBSF provides a full 3GPP-defined GBA implementation which can be used with Universal Subscriber Identity Modules (USIMs) or IP Multimedia Services Identity Modules (ISIMs).

Integration with existing HLR

SafeBSF can interact with an existing HLR or act as a stand-alone Home Subscriber Server (HSS). Since the standardized Zn interface is supported, the entire GBA implementation can be replaced if necessary with no effect on the other components.

Support for multiple NAFs

Multiple NAFs can be handled at the same time. A grouping of NAFs allows assignment of different USSs to NAFs representing the same application.

Security  

All confidential information, such as bootstrapping keys, is encrypted and stored in a database. All critical communications links are encrypted, e.g. TLS on the Zn’ interface. For further enhanced security a SafeNet Hardware Security Module (HSM) can be deployed for key storage or for execution of cryptography functions.

Scalability and Redundancy

SafeNet GBA components are fully scalable and can be deployed in a redundant configuration with automatic failover. Hardware or software load-balancing can be used. The SIGTRAN/SS7 implementation supports load balancing and redundancy between multiple STPs (signaling gateways).

Logging and Monitoring

The SafeBSF event management system is used to direct application events to event propagators. The events received by each propagator are configurable. Among the default propagators are a Simple Network Management Protocol (SNMP) event propagator, which sends SNMP traps, and a log propagator, which writes events to a log file. Custom propagators can also be added. Logs can also be filtered based on severity.

Key Performance Indicators (KPIs)

Configurable performance counters are supported – reporting the number of Zn requests in a specific period of time and number of transactions in the peak second of the last reporting period for Ub.
The monitoring features enable the operator to monitor activities including but not limited to:

  • Number of transactions in the last reporting period for Ub interface
  • Number of transactions in the peak second of the last reporting period for Ub interface
  • Number of transactions in last reporting period for Zn interface
  • Number of transactions in the peak second of the last reporting period for Zn interface
  • Number of stored security associations

Appliance or Software

SafeBSF is delivered as an appliance or as software components. The GBA implementation consists of logically separate components: an HSS/HLR proxy, the BSF, and a Zn proxy. Because the modules are distributable, deployments are flexible, and deployment of these components on physically distinct servers is also supported. However, it is recommended to co-locate the HSS/HLR proxy and the BSF.

Components:  

Bootstrapping Server Function (BSF)
The BSF component enables bootstrapping of mutual authentication and session keying material between the UE (user equipment) and the NAF.

Supports Ub, Zn and Zh interfaces
The BSF interacts with the UE over interface Ub. The BSF also supports interface Zn/Zn’, which allows the NAF to fetch the key material previously agreed during an HTTP Digest AKA protocol run over Ub. In SafeBSF, Zn is implemented over both SOAP and Diameter. The BSF also supports interface Zh to the HSS/HLR proxy.

Zn Proxy
The Zn proxy is an optional component. When used, the Zn Proxy validates that the NAF is authorized to participate in GBA and asserts the NAF’s DNS name to the BSF.

Supports Zn and Zn’ (TLS) interfaces
The Zn’ interface between the Zn Proxy and the BSF can be secured using TLS.
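
The NAF DNS name that the Zn Proxy asserts is also an input to the NAF-specific key that the BSF hands out over Zn. The following is an added example, not SafeBSF code and not part of the original page: it follows the key derivation function of 3GPP TS 33.220 Annex B, and the key material, IMPI, host names and Ua protocol identifier are all constructed values.

```python
import hashlib
import hmac

# Constructed sample values (not from the page): AKA outputs CK/IK, the RAND
# challenge, the subscriber IMPI, and a 5-octet Ua security protocol identifier.
CK = bytes(range(16))
IK = bytes(range(16, 32))
RAND = bytes(range(32, 48))
IMPI = "subscriber@ims.operator.example"
UA_PROTOCOL_ID = bytes([0x01, 0x00, 0x00, 0x00, 0x02])  # placeholder value


def _param(value: bytes) -> bytes:
    """Encode one KDF input as Pi || Li (Li = 2-octet big-endian length)."""
    if len(value) > 0xFFFF:
        raise ValueError("KDF parameter too long")
    return value + len(value).to_bytes(2, "big")


def derive_ks_naf(ck, ik, rand, impi, naf_fqdn, ua_protocol_id, variant="gba-me"):
    """Return the 32-byte NAF-specific key for one NAF identity."""
    if not (len(ck) == len(ik) == len(rand) == 16):
        raise ValueError("CK, IK and RAND must each be 16 octets")
    if len(ua_protocol_id) != 5:
        raise ValueError("Ua security protocol identifier must be 5 octets")
    if variant not in ("gba-me", "gba-u"):
        raise ValueError("unknown GBA variant")
    ks = ck + ik  # bootstrapped master key shared by the UE and the BSF
    naf_id = naf_fqdn.encode("utf-8") + ua_protocol_id
    s = (b"\x01"  # FC value for the GBA key derivation
         + _param(variant.encode("utf-8"))
         + _param(rand)
         + _param(impi.encode("utf-8"))
         + _param(naf_id))
    return hmac.new(ks, s, hashlib.sha256).digest()


def keys_for(naf_fqdns):
    """Derive one key per NAF name from the same bootstrapping session."""
    return {name: derive_ks_naf(CK, IK, RAND, IMPI, name, UA_PROTOCOL_ID)
            for name in naf_fqdns}


if __name__ == "__main__":
    for name, key in keys_for(["tv.operator.example", "pay.operator.example"]).items():
        print(name, key.hex())
```

Because the NAF name is bound into the key, a NAF that obtains a key under one DNS name cannot use it to impersonate another NAF, which is why the name presented on Zn has to be validated before the BSF derives anything.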

HSS/HLR Proxy
The HSS is a fully functional GBA HSS which manages GUSS, secret keys K, etc. This component can also act as a proxy to an existing HLR by retrieving authentication information from the HLR over SIGTRAN or SS7.

SafeNet’s Industry-leading Portfolio of DRM & Mobile TV Protection Solutions:  

SafeNet is a global leader in information security. Founded more than 25 years ago, SafeNet offers the world’s only complete portfolio of open standards-based, end-to-end security solutions for the protection, management, and monetization of digital content.

The company offers a full spectrum of DRM & Mobile TV Protection solutions composed of client and server-side software, toolkits, hardware, and IP; secure/trusted platforms for mobile handsets; and mobile authentication components for operators/service providers.

SafeNet is firmly committed to the development and delivery of flexible, future-proof, standards-based DRM and Mobile TV Protection solutions. The company is an active member of several industry associations including the BMCoForum, China DRM Forum, and the Open Mobile Alliance (OMA). British Telecom, CCTV, Ericsson, HP, Huawei, Irdeto, MediaTek, Mobily, Nokia, Sony, Sun, UPC, and scores of other customers partner with SafeNet to solve their DRM and Mobile TV Protection needs.
With SafeNet’s flexible, reliable, and easy-to-integrate DRM & Mobile TV Protection Solutions, customers can reach new and emerging markets and expand revenue channels while reducing development cost and time to market.
