This document describes YBTS procedures for authentication and authorization.
About Authentication in YateBTS
YateBTS supports 2G and 3G authentication. It currently authenticates only registration request. This is limited in the nipc.js script. If this script is modified we could authenticate other requests as well.
Authenticating a mobile terminated call
First, OpenVoLTE sends an INVITE request. It will be handled by ybts directly.
If OpenVoLTE doesn’t challenge this request (200 OK), the call starts. If any 401 and any 200 OK answers are received, the call stops.
If the 401 answer is received together with authentication vectors, the authentication vectors are sent to ybts that sends an Authentication request to the MS.
If OpenVoLTE answers with 200 OK, the call is started. Otherwise, the authentication process is retried one more time.
Note 1: This behavior will be added in YateBTS 3 as soon as roaming is added.
Note 2: In the YateBTS LabKit only the registration request is authenticated. The nipc.js script generates the authentication vectors locally instead of sending REGISTER request to outside server.
When processing location update requests from MS the module will dispatch an user.register message with username parameter set to IMSI.
The message will also contain imei and tmsi if available.