EAP and AKA Authentication

Feature Summary and Revision History

Summary Data

Table 1. Summary Data

Applicable Product(s) or Functional Area: AMF
Applicable Platform(s): SMI
Feature Default Setting: Enabled - Always-on
Related Documentation: Not Applicable

Revision History

Table 2. Revision History

Revision Details | Release
First introduced. | 2021.04.0

Feature Description

The AMF supports Extensible Authentication Protocol-AKA Prime (EAP-AKA') authentication.

AMF interacts with the UE and the AUSF while performing the UE registration procedure.

EAP-AKA' authentication is carried over the N12 interface with the AUSF.

After the AMF receives the Authentication Response from the AUSF, it relays the EAP payload back and forth between the AUSF and the UE until the authentication succeeds or fails.

AMF supports the optional message of the Authentication Response from the AUSF.


Note: The notification received after a successful Authentication Response isn't supported.


How it Works

This section describes how this feature works.

Call Flows

This section describes the key call flows for this feature.

EAP-AKA'-based Authentication Call Flow

This section describes the EAP-AKA'-based Authentication basic call flow.

Figure 1. EAP-AKA'-based Authentication Call Flow

Table 3. EAP-AKA'-based Authentication basic Call Flow Description

Step | Description
1 | The gNB sends the Registration Request along with SUCI information to the AMF.
2 | AMF sends Nnrf_NF_Discovery_Get_request with tgt-nf: AUSF, Routing-indicator, and other parameters to the NRF.
3 | The AMF receives Nnrf_NF_Discovery_Response from the NRF.
4 | The AMF sends Nausf_UEAuthentication_AuthenticateRequest with SUPI, SUCI, and SN-name to the AUSF.
5 | The AMF receives Nausf_UEAuthentication_AuthenticateResponse with type: EAP-AKA', EAPRequest or AKA' challenge, and link from the AUSF.
6 | The AMF sends the Authentication Request (EAP Request or AKA' challenge, ngKSI, ABBA) to the UE.
7 | The AMF receives the Authentication Response with the EAP Response or AKA' challenge from the UE.
8 | AMF sends the Nausf_UEAuthentication_AuthenticateRequest (EapSession) to the AUSF.
9 | The AMF receives Nausf_UEAuthentication_AuthenticateResponse (EapSession) from the AUSF.
10 | The AMF sends the Authentication Request with EAP Request/ngKSI, ABBA to the UE.
11 | The AMF receives the Authentication Response (EAP Response) from the UE.
12 | AMF sends the Nausf_UEAuthentication_AuthenticateRequest (EapSession) to the AUSF.
13 | The AMF receives the Nausf_UEAuthentication_AuthenticateResponse with EAPSuccess, kseaf, and SUPI from the AUSF.
14 | The AMF sends the Security Mode command with EAPSuccess, ngKSI, ABBA to UE.
15 | The AMF receives the Security Mode Complete from the UE.
16 | The AMF sends the Authentication Reject to the UE for Authentication Failure.
17 | The AMF sends Nnrf_NFDiscovery_GetRequest with tgt-nf: UDM, Routing-indicator, and other parameters to the NRF.
18 | The AMF receives Nnrf_NFDiscovery_Response from the NRF.
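
The relay decision in Table 3, sketched as an added example (not Cisco's AMF code): the EAP header from the AUSF is validated before the payload is forwarded, and the EAP code selects the next NAS message. The function names, the base64 transport encoding of the payload, the mapping of EAP Failure to step 16, and the sample packets are assumptions made for illustration; the code and type numbers come from RFC 3748 and RFC 5448.

```python
import base64
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
EAP_TYPE_AKA_PRIME = 50                                                # RFC 5448
AKA_SUBTYPES = {1: "Challenge", 2: "Authentication-Reject",
                4: "Synchronization-Failure", 5: "Identity",
                12: "Notification", 14: "Client-Error"}

def b64(octets):
    return base64.b64encode(bytes(octets)).decode()

# Constructed sample payloads (header only, no real AKA' attributes).
SAMPLE_CHALLENGE = b64([1, 7, 0, 8, 50, 1, 0, 0])    # Request, id 7, AKA'-Challenge
SAMPLE_SUCCESS = b64([3, 7, 0, 4])
SAMPLE_FAILURE = b64([4, 7, 0, 4])
SAMPLE_BAD_LENGTH = b64([1, 7, 0, 12, 50, 1, 0, 0])  # claims 12 bytes, carries 8

def parse_eap(payload_b64):
    """Decode a base64 EAP payload and validate its header before relaying it."""
    raw = base64.b64decode(payload_b64, validate=True)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != payload size {len(raw)}")
    pkt = {"code": EAP_CODES[code], "id": ident, "subtype": None}
    if code in (1, 2):  # Request/Response carry Type, Subtype, 2 reserved bytes
        if length < 8 or raw[4] != EAP_TYPE_AKA_PRIME:
            raise ValueError("not an EAP-AKA' request/response")
        pkt["subtype"] = AKA_SUBTYPES.get(raw[5], f"unknown({raw[5]})")
    elif length != 4:
        raise ValueError("EAP Success/Failure must be exactly 4 bytes")
    return pkt

def amf_next_action(from_ausf_b64):
    """Map an EAP payload received from the AUSF to the next step in Table 3."""
    pkt = parse_eap(from_ausf_b64)
    if pkt["code"] == "Request":
        return "send Authentication Request to UE"   # steps 6 and 10
    if pkt["code"] == "Success":
        return "send Security Mode Command to UE"    # step 14
    if pkt["code"] == "Failure":
        return "send Authentication Reject to UE"    # step 16 (assumed mapping)
    raise ValueError("unexpected EAP Response from the AUSF")
```

Rejecting a payload whose length field disagrees with its actual size keeps a malformed packet from being forwarded to the UE or logged as a valid exchange.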