The GPRS access modes specify whether or not the GGSN requests user authentication at the access point to a PDN (Public Data Network). The available options are:
- Transparent: No security authorization/authentication is requested by the GGSN.
- Non-transparent: In this case, GGSN acts as a proxy for authenticating.
The GPRS transparent and non-transparent modes relate only to PDP type IPv4.
Transparent access pertains to a GPRS PLMN that is not involved in subscriber access authorization and authentication. Access to PDN-related security procedures are transparent to GSNs.
In transparent access mode, the MS is given an address belonging to the operator or any other domain’s addressing space. The address is given either at subscription as a static address or at PDP context activation as a dynamic address. The dynamic address is allocated from a Dynamic Host Configuration Protocol (DHCP) server in the GPRS network. Any user authentication is done within the GPRS network. No RADIUS authentication is performed; only IMSI-based authentication (from the subscriber identity module in the handset) is done.
Non-transparent access to an intranet/ISP means that the PLMN plays a role in the intranet/ISP authentication of the MS. Non-transparent access uses the Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) message issued by the mobile terminal and piggybacked in the GTP PDP context activation message. This message is used to build a RADIUS request toward the RADIUS server associated with the access point name (APN).
GPRS Access Point Name:
The GPRS standards define a network identity called an access point name (APN). An APN identifies a PDN that is accessible from a GGSN node in a GPRS network. In GPRS, only the APN is used to select the target network. To configure an APN, the operator configures three elements on the GSN node:
- Access point: Defines an APN and its associated access characteristics, including security (RADIUS), dynamic address allocation (DHCP), and DNS services.
- Access point list: Defines a logical interface that is associated with the virtual template.
- Access group: Defines whether access is permitted between the PDN and the MS.