📄 pppext-eap-sim-12.txt
        |                            | When starting EAP/SIM        |
        |                            +------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (AT_ANY_ID_REQ, AT_VERSION_LIST)               |
        |<------------------------------------------------------|
        |                                                       |
        |                                                       |
        | EAP-Response/SIM/Start                                |
        | (AT_IDENTITY containing a re-authentication identity) |
        |------------------------------------------------------>|
        |                                                       |

   On re-authentication, if the AT_IDENTITY attribute contains a valid
   re-authentication identity and the server agrees on using
   re-authentication, then the server proceeds with the
   re-authentication sequence and issues the
   EAP-Request/SIM/Re-authentication packet, as specified in
   Section 4.3.

Fall Back to Full Authentication

   The case when the server does not recognize the re-authentication
   identity the peer used in AT_IDENTITY, and issues a second
   EAP-Request/SIM/Start message is illustrated below.

Haverinen and Salowey     Expires: 27 April, 2004           [Page 20]

Internet Draft         EAP SIM Authentication        27 October, 2003

      Peer                                               Authenticator
        |                                                       |
        |                            +------------------------------+
        |                            | Server does not have any     |
        |                            | Subscriber identity available|
        |                            | When starting EAP/SIM        |
        |                            +------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (AT_ANY_ID_REQ, AT_VERSION_LIST)               |
        |<------------------------------------------------------|
        |                                                       |
        |                                                       |
        | EAP-Response/SIM/Start                                |
        | (AT_IDENTITY containing a re-authentication identity) |
        |------------------------------------------------------>|
        |                                                       |
        |                            +------------------------------+
        |                            | Server does not recognize    |
        |                            | The re-authentication        |
        |                            | Identity                     |
        |                            +------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (AT_FULLAUTH_ID_REQ, AT_VERSION_LIST)          |
        |<------------------------------------------------------|
        |                                                       |
        |                                                       |
        | EAP-Response/SIM/Start                                |
        | (AT_IDENTITY with a full-auth. identity, AT_NONCE_MT, |
        |  AT_SELECTED_VERSION)                                 |
        |------------------------------------------------------>|
        |                                                       |

Requesting the Permanent Identity 1

   The figure below illustrates the case when the EAP server fails to
   map the pseudonym identity included in the EAP-Response/Identity
   packet to a valid permanent identity.

      Peer                                               Authenticator
        |                                                       |
        |        EAP-Request/Identity                           |
        |<------------------------------------------------------|
        |                                                       |
        | EAP-Response/Identity                                 |
        | (Includes a pseudonym)                                |
        |------------------------------------------------------>|
        |                                                       |
        |                            +------------------------------+
        |                            | Server fails to map the      |
        |                            | Pseudonym to a permanent id. |
        |                            +------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (AT_PERMANENT_ID_REQ, AT_VERSION_LIST)         |
        |<------------------------------------------------------|
        |                                                       |
        |                                                       |
        | EAP-Response/SIM/Start                                |
        | (AT_IDENTITY with permanent identity, AT_NONCE_MT,    |
        |  AT_SELECTED_VERSION)                                 |
        |------------------------------------------------------>|
        |                                                       |

   If the server recognizes the permanent identity, then the
   authentication sequence proceeds as usual with the EAP Server
   issuing the EAP-Request/SIM/Challenge message.

Requesting the Permanent Identity 2

   The figure below illustrates the case when the EAP server fails to
   map the pseudonym included in the AT_IDENTITY attribute to a valid
   permanent identity.

      Peer                                               Authenticator
        |                                                       |
        |                            +------------------------------+
        |                            | Server does not have any     |
        |                            | Subscriber identity available|
        |                            | When starting EAP/SIM        |
        |                            +------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (AT_ANY_ID_REQ, AT_VERSION_LIST)               |
        |<------------------------------------------------------|
        |                                                       |
        |                                                       |
        |EAP-Response/SIM/Start                                 |
        |(AT_IDENTITY with a pseudonym identity, AT_NONCE_MT,   |
        | AT_SELECTED_VERSION)                                  |
        |------------------------------------------------------>|
        |                                                       |
        |                                                       |
        |                            +-------------------------------+
        |                            | Server fails to map the       |
        |                            | Pseudonym in AT_IDENTITY      |
        |                            | to a valid permanent identity |
        |                            +-------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (AT_PERMANENT_ID_REQ, AT_VERSION_LIST)         |
        |<------------------------------------------------------|
        |                                                       |
        |                                                       |
        | EAP-Response/SIM/Start                                |
        | (AT_IDENTITY with permanent identity,                 |
        |  AT_NONCE_MT, AT_SELECTED_VERSION)                    |
        |------------------------------------------------------>|
        |                                                       |

Three EAP/SIM/Start Roundtrips

   In the worst case, there are three EAP/SIM/Start round trips before
   the server has obtained an acceptable identity. This case is
   illustrated below.

      Peer                                               Authenticator
        |                                                       |
        |                            +------------------------------+
        |                            | Server does not have any     |
        |                            | Subscriber identity available|
        |                            | When starting EAP/SIM        |
        |                            +------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (Includes AT_ANY_ID_REQ, AT_VERSION_LIST)      |
        |<------------------------------------------------------|
        |                                                       |
        | EAP-Response/SIM/Start                                |
        | (AT_IDENTITY with re-authentication identity)         |
        |------------------------------------------------------>|
        |                                                       |
        |                            +------------------------------+
        |                            | Server does not accept       |
        |                            | The re-authentication        |
        |                            | Identity                     |
        |                            +------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (AT_FULLAUTH_ID_REQ, AT_VERSION_LIST)          |
        |<------------------------------------------------------|
        |                                                       |
        |EAP-Response/SIM/Start                                 |
        |(AT_IDENTITY with a pseudonym identity, AT_NONCE_MT,   |
        | AT_SELECTED_VERSION)                                  |
        |------------------------------------------------------>|
        |                                                       |
        |                            +-------------------------------+
        |                            | Server fails to map the       |
        |                            | Pseudonym in AT_IDENTITY      |
        |                            | to a valid permanent identity |
        |                            +-------------------------------+
        |                                                       |
        |        EAP-Request/SIM/Start                          |
        |        (AT_PERMANENT_ID_REQ, AT_VERSION_LIST)         |
        |<------------------------------------------------------|
        |                                                       |
        |                                                       |
        | EAP-Response/SIM/Start                                |
        | (AT_IDENTITY with permanent identity, AT_NONCE_MT,    |
        |  AT_SELECTED_VERSION)                                 |
        |------------------------------------------------------>|
        |                                                       |

   After the last EAP-Response/SIM/Start message, the full
   authentication sequence proceeds as usual. If the EAP Server
   recognizes the permanent identity and is able to proceed, the
   server issues the
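
The identity negotiation shown in the figures above, as an added Python example that is not part of the draft: it reproduces which identity-request attribute the server sends in each EAP-Request/SIM/Start round and where the exchange ends. The identity strings, the `known` set and the peer's preference order are assumptions made for illustration.

```python
# Added example, not from the draft. Models the Start rounds in the figures:
# the server narrows its identity request each time it cannot use the
# identity the peer returned in AT_IDENTITY.
ANY, FULLAUTH, PERMANENT = ("AT_ANY_ID_REQ", "AT_FULLAUTH_ID_REQ",
                            "AT_PERMANENT_ID_REQ")

# Identity kinds the peer may answer with, most preferred first (assumption
# read off the figures: the permanent identity is offered last).
ALLOWED = {ANY: ("reauth", "pseudonym", "permanent"),
           FULLAUTH: ("pseudonym", "permanent"),
           PERMANENT: ("permanent",)}
# Request the server sends next when the returned kind was not usable.
NEXT_REQ = {"reauth": FULLAUTH, "pseudonym": PERMANENT, "permanent": None}
MAX_START_ROUNDS = 3  # worst case stated in the text


def peer_answer(request, peer_ids):
    """Return (kind, identity) the peer places in AT_IDENTITY."""
    for kind in ALLOWED[request]:
        if kind in peer_ids:
            return kind, peer_ids[kind]
    raise ValueError("peer has no identity for " + request)


def negotiate(known, peer_ids):
    """Run the Start rounds. `known` is the set of identities the server can
    map to a subscriber. Returns (requests sent, outcome)."""
    request, sent = ANY, []
    while request and len(sent) < MAX_START_ROUNDS:
        sent.append(request)
        kind, identity = peer_answer(request, peer_ids)
        if identity in known:
            step = "Re-authentication" if kind == "reauth" else "Challenge"
            return sent, "EAP-Request/SIM/" + step
        request = NEXT_REQ[kind]  # not usable: ask for a narrower kind
    return sent, "failure"


if __name__ == "__main__":
    # Constructed identities; the server only knows the permanent one.
    peer = {"reauth": "reauth-id@example.org",
            "pseudonym": "pseudonym-id@example.org",
            "permanent": "permanent-id@example.org"}
    print(negotiate({"permanent-id@example.org"}, peer))
```

Counting the requests returned by `negotiate` on a live server's logs is a quick way to spot peers that are repeatedly pushed to the third round, where the permanent identity is disclosed.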