Authentication Federation Gateway
Authentication, Trust and Security are among the most familiar words that come forward from market research when analyzing the new mobile generation services. With the introduction of IMS networks and services like Voice over LTE (VoLTE) Operators face new security requirements on their IP based services and the device and service authentication mechanisms have to be both secure and simple for the end-users.
Authentication Federation Gateway (AFG) is a Virtualized/Cloud-ready authentication and security platform which enables operators to provide an extensive and advanced set of device and service authentication as well as data protection required for core solutions like VoLTE, RCS and IoT.
AFG capitalizes on the security features of the SIM and network based authentication offering a strong authentication framework from basic Single Sign On (SSO) to Generic Bootstrapping Architecture (GBA) mechanism.
AFG provides strong authentication capabilities that leverage the proven security features of the Subscriber Identity Module (SIM) for a strong and mutual authentication between users and applications. Using AFG, consumers do not need to remember usernames/passwords as the credentials are automatically generated based on information stored on the device/smartcard . Consumers are automatically authenticated and may access applications that previously required a login page.
Operator business benefits
AFG is a scalable and cloud-ready dual stack (IPv6/Ipv4) platform, which enables operators to provide an extensive and advanced set of authentication, authorization and security for VoLTE, RCS, LTE-BC, Public Safety, M2M/IoT and Web Authentication services including identity management solution based on the 3GPP standard for Generic Authentication Architecture (GAA) and Generic Bootstrapping Architecture (GBA).
AFG offers a scripting engine which enables high level of customization/adaptation by Operator and/or Ericsson Global support for the following flows:
Session Script: specifies what the AFG must do when a subscriber starts or ends an HTTP browser session.
Incoming Request Script: specifies what the AFG must do when it receives an incoming HTTP request from the subscriber and what must do when it receives a response to that request.
Outgoing Request Script: specifies what the AFG must do when it receives an incoming HTTP request from the subscriber and what do when it receives a response to that request.