Monday, May 14, 2012

Authentication, Authorization and Accounting


What is Authentication, Authorization and Accounting?

Authentication is the process of verifying an entity’s identity, usually by having the entity provide evidence that represents a specific digital identity, such as an identifier or credentials. Examples of credentials include passwords, tokens and digital certificates.

Authorization is the process of determining whether a particular entity is permitted to carry out an action; the permission is usually inherited from authentication when logging on to an application or service. Authorization may be determined based on a range of restrictions, for example time-of-day restrictions, physical location restrictions or multiple access attempts from the same user or entity. Examples of common authorization services in networking include IP address filtering, address assignment, route assignment, quality of service/differential services, bandwidth control/traffic management, compulsory tunnelling to a specific endpoint, and encryption.

Accounting refers to tracking the network resources consumed by users for the purposes of capacity and trend analysis, cost allocation and billing. It may also record events such as authentication and authorization failures, and include auditing functionality, which permits verifying the correctness of procedures carried out based on accounting data. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources.
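The three stages above as a single flow, in an added example that is not part of the original post: a credential check, an authorization decision using time-of-day and location restrictions, and an accounting log that records failures as well as successes. The user, policy values, salt and lockout threshold are constructed assumptions, and the lockout on repeated failed attempts is one possible reading of the "multiple access attempts" restriction.

```python
import hashlib, hmac
from datetime import datetime, time

# Constructed sample data: one user with a salted password hash and a policy.
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
        "allowed_hours": (time(8, 0), time(18, 0)),  # time-of-day restriction
        "allowed_locations": {"office"},             # physical location restriction
    }
}
MAX_FAILURES = 3     # assumed threshold for repeated failed attempts
accounting_log = []  # accounting: every decision is recorded here
failures = {}        # consecutive failed authentications per user

def record(user, event, detail):
    accounting_log.append({"user": user, "event": event, "detail": detail})

def authenticate(user, password):
    """Verify the claimed identity; lock out after MAX_FAILURES bad attempts."""
    if failures.get(user, 0) >= MAX_FAILURES:
        record(user, "auth_failure", "locked_out")
        return False
    entry = USERS.get(user)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    # Constant-time comparison avoids leaking how much of the hash matched.
    ok = entry is not None and hmac.compare_digest(candidate, entry["pw_hash"])
    failures[user] = 0 if ok else failures.get(user, 0) + 1
    record(user, "auth_success" if ok else "auth_failure",
           "" if ok else "bad_credentials")
    return ok

def authorize(user, when, location):
    """Decide whether an already authenticated user may act now, from here."""
    start, end = USERS[user]["allowed_hours"]
    if not (start <= when.time() <= end):
        record(user, "authz_failure", "outside_allowed_hours")
        return False
    if location not in USERS[user]["allowed_locations"]:
        record(user, "authz_failure", "location_not_allowed")
        return False
    record(user, "authz_success", location)
    return True

if __name__ == "__main__":
    if authenticate("alice", "correct horse"):
        authorize("alice", datetime(2012, 5, 14, 23, 0), "office")  # denied: late
    print(accounting_log)
```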

An example of AAA (Authentication, Authorization, Accounting) usage in CDMA data networks:

AAA servers in CDMA data networks are entities that provide IP functionality to support the functions of authentication, authorization and accounting. The AAA server in the CDMA wireless data network architecture is similar to the HLR in the CDMA wireless voice network architecture.

Some types of AAA servers include:
  • Access Network AAA – Communicates with the RNC in the Access Network to enable authentication and authorization functions to be performed at the Access Network.
  • Broker AAA – Acts as an intermediary to proxy AAA traffic between roaming partner networks.
  • Home AAA – The Home AAA stores user profile information, responds to authentication requests, and collects accounting information.
  • Visited AAA – The AAA server in the visited network from which a roamer is receiving service. The Visited AAA in the serving network communicates with the Home AAA in a roamer’s home network.

3 comments:

  1. AAA servers are one of the important servers needed in a network; there are different types of AAA servers too. Very informative post.
  2. I'd like to see you talk more about RADIUS and Diameter and how using the AAA protocol should be implemented in the network, like how different users should have different levels of access, like the way access lists are configured.
  3. This comment has been removed by the author.