3 Password handling

3GPP TS 23.011, Release 17: Technical realization of Supplementary Services

3.1 General

Some supplementary services can be subscribed with the option "control of supplementary service by subscriber using password" as described in the corresponding 3GPP TS 23.08x and 23.09x-series of technical specifications. This option is applicable only for the CS domain. These services are referenced in the following as protected supplementary services.

The password is stored in the HLR only.

The network has to remember whether a wrong password has been used. Therefore, the HLR stores the value of the Wrong Password Attempts counter (WPA).

If a password check is done with an incorrect password, the WPA is incremented by one. If a password check is passed, WPA is set to zero. If WPA exceeds the value three, the subscription option "control of supplementary service" is set to "by the service provider". This makes registration of password and activation or deactivation of protected supplementary services impossible (see 3GPP TS 22.004).

When the service provider registers a password, the WPA is set to zero.

When an attempt to perform an operation requiring a password is received by the network, the network has to check whether the requesting subscriber has subscribed to the option "control of supplementary service by subscriber using password". This is shown in figure 3.1 (function PW1).

If this option has the value "by the service provider" the WPA has to be checked. When WPA exceeds three, then more than three attempts with a wrong password have been made and the appropriate message will be sent to the user. If the value of WPA is less than or equal to three, then the subscriber has not subscribed to "control of supplementary service by subscriber using password".

When a password is supplied, the network has to check whether it is identical to the one stored. If it is, WPA is reset to zero. Otherwise WPA is incremented by one and, depending on the value of the counter, the network shall request the password again, or shall send an error message and update the subscription option as shown in figure 3.2 (function PW2).

After a wrong password has been input more than three consecutive times, the only way to reset the Wrong Password Attempts counter (WPA) is for the service provider to register a new password.

Figures 3.3 and 3.4 show the procedures executed by the network in order to check the format (function PW3) and to check the new password (function PW4).

Figure 3.1: PW1; Check of subscription option (HLR)

Figure 3.2: PW2; Check of password input (HLR)

Figure 3.3: PW3; Format check (HLR)

Figure 3.4: PW4; Check of new password (HLR)
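The PW1 and PW2 behaviour described in clause 3.1, written out as an added example that is not part of the specification. The result strings, the `HlrRecord` type and the function names are hypothetical, the sample passwords are constructed, and restoring the subscription option when the service provider registers a password is an assumption of this example.

```python
import hmac
from dataclasses import dataclass

BY_SUBSCRIBER = "by subscriber using password"
BY_PROVIDER = "by the service provider"
WPA_LIMIT = 3  # the option flips once WPA exceeds this value


@dataclass
class HlrRecord:
    """Per-subscriber password data (hypothetical type); held in the HLR only."""
    option: str
    password: str
    wpa: int = 0  # Wrong Password Attempts counter


def pw1(rec: HlrRecord) -> str:
    """Check of subscription option. Result names are hypothetical."""
    if rec.option == BY_SUBSCRIBER:
        return "password_required"
    # Option is "by the service provider": WPA tells the two cases apart.
    return "too_many_wrong_attempts" if rec.wpa > WPA_LIMIT else "not_subscribed"


def pw2(rec: HlrRecord, supplied: str) -> str:
    """Check of password input, updating WPA and the option as described."""
    # Constant-time comparison is this example's choice, not stated in the text.
    if hmac.compare_digest(supplied.encode(), rec.password.encode()):
        rec.wpa = 0
        return "ok"
    rec.wpa += 1
    if rec.wpa > WPA_LIMIT:
        rec.option = BY_PROVIDER  # subscriber can no longer register or activate
        return "blocked"
    return "request_password_again"


def provider_register(rec: HlrRecord, new_password: str) -> None:
    """Service provider registers a password: WPA is set to zero.
    Assumption: provisioning also restores the subscriber-controlled option."""
    rec.password, rec.wpa, rec.option = new_password, 0, BY_SUBSCRIBER


def attempt(rec: HlrRecord, supplied: str) -> str:
    """One password-protected operation: PW1 first, then PW2 if applicable."""
    gate = pw1(rec)
    return pw2(rec, supplied) if gate == "password_required" else gate
```

Once the counter has exceeded three, even the correct password is refused at PW1, because the check never reaches PW2 until the service provider registers a new password.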

3.2 Registration of password

If the served mobile subscriber at provision time has selected the subscription option "control of supplementary service by subscriber using password", the service provider has to register a password at provision time. Furthermore the served mobile subscriber can change the password by an appropriate control procedure at any time. The control procedure consists of three steps: first, the old password has to be provided; secondly, the new password has to be given, after which it has to be verified by providing it once more (see figure 3.5).

If the served mobile subscriber at provision time has selected the subscription option "control of supplementary service by the service provider" an attempt to register a password will be denied and the served mobile subscriber should receive a notification.

The subscriber can register a new password, thus causing the previous registration to be overridden (see figure 3.5).

3.3 Use of password

If the served mobile subscriber at provision time has selected the subscription option "control of supplementary service by subscriber using password" the supplementary service is activated only if the subscriber provides the correct password to the network.

If the served mobile subscriber at provision time has selected the subscription option "control of supplementary service by the service provider", the supplementary service cannot be activated by the subscriber. The activation has to be performed by the service provider. An attempt to activate the service will be denied and the served mobile subscriber should receive a notification.

If the served mobile subscriber at provision time has selected the subscription option "control of supplementary service by subscriber using password", and if a wrong password is entered to activate the service, the supplementary service will not be activated and the served mobile subscriber is notified.

The information flow for activation of a protected supplementary service is shown in figure 3.6.

Figure 3.5: Registration of a new password

NOTE: PW1, PW2 and PW3 indicate password handling programs.

Figure 3.6: Activation of protected supplementary service

NOTE: SS indicates any of the protected supplementary services.
PW1 and PW2 indicate password handling programs.
ICH indicates interaction checks if necessary.

3.4 Deactivation

The procedure for activation, described in clause 3.3, applies correspondingly to deactivation.

The information flow for deactivation of protected supplementary service is shown in figure 3.7.

Figure 3.7: Deactivation of protected supplementary service

NOTE: SS indicates any of the protected supplementary services. PW1 and PW2 indicate password handling programs.