Cisco Cisco Packet Data Interworking Function (PDIF)
This reference point is located between 3GPP AAA Server/Proxy and HNB-GW. The functionality of this
reference point is to enable following requirements on SeGW:
reference point is to enable following requirements on SeGW:
• The SeGW shall be authenticated by the HNB using a SeGW certificate.
• The SeGW shall authenticate the HNB based on HNB certificate.
• The SeGW authenticates the hosting party of the HNB in cooperation with the AAA server using
EAP-AKA.
• The SeGW shall allow the HNB access to the core network only after successful completion of all
required authentications.
• Any unauthenticated traffic from the HNB shall be filtered out at the SeGW
X.509 Certificate-based Authentication Support
HNB-GW supports X.509 Certificate-based authentication to HNB/UE for a public key infrastructure (PKI)
for single sign-on (SSO) and Privilege Management Infrastructure (PMI). X.509 specifies the standard formats
for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation
algorithm.
for single sign-on (SSO) and Privilege Management Infrastructure (PMI). X.509 specifies the standard formats
for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation
algorithm.
Open Access Mode Support
An Open HNB provides its services to any mobile subscriber in Femto network. This feature is intended to
provide Open access mode support on an UMTS HNB-GW. Open access HNBs can be deployed in public
places like airports to increase the indoor coverage or to offload the traffic from the macro cell.
provide Open access mode support on an UMTS HNB-GW. Open access HNBs can be deployed in public
places like airports to increase the indoor coverage or to offload the traffic from the macro cell.
This feature provides following procedure for Open Access HNB registration on HNB-GW:
• OPEN HNB registration:
1
On receiving HNB-REGISTER-REQ from HNB, HNB-GW sends RADIUS-Access-Request to
AAA-server. HNB-GW will not care whether HNB has sent cell-access-mode in the register request
or not.
AAA-server. HNB-GW will not care whether HNB has sent cell-access-mode in the register request
or not.
2
AAA-server performs authentication and authorization. If this is successful AAA-server sends
RADIUS-Access-Accept to HNB-GW. Then AAA-server includes the Whitelist attribute in the
response. AAA-server prepare Whitelist attribute in the following manner:
RADIUS-Access-Accept to HNB-GW. Then AAA-server includes the Whitelist attribute in the
response. AAA-server prepare Whitelist attribute in the following manner:
• Cell-access-mode field in the Whitelist attribute will be set to "Open".
• Number-of-IMSIs field in the Whitelist attribute will be set to 0 (zero).
• IMSIs will not be included in the Whitelist attribute.
3
HNB-GW overrides the cell-access-mode value received from HNB by the one received from
AAA-server.
AAA-server.
4
HNB-GW discards "IMSI List" received for an Open Access-mode HNB from AAA-server in
Access-Accept or COA message.
Access-Accept or COA message.
5
AAA server sends access-mode as 0 (Closed mode) or 1 (Hybrid mode) or 2 (Open mode). If it sends
any other value in Access-Accept, then HNB-GW shall send HNB-REGISTER-REJECT with
Unauthorised-HNB cause.
any other value in Access-Accept, then HNB-GW shall send HNB-REGISTER-REJECT with
Unauthorised-HNB cause.
HNB-GW Administration Guide, StarOS Release 19
22
HNB Gateway in Wireless Network
Open Access Mode Support