Content for TS 24.010 Word version: 18.0.0
4 Password management p. 20
The password management procedures consist of two independent procedures:
- password check;
- password registration.
4.1 Password check p. 20
4.1.1 Successful procedure p. 20
When the password check procedure is invoked by a parent procedure (e.g. for service activation, service deactivation, password registration), the network sends to the MS an invoke component of the operation "get password" with "password" as the value of the mandatory GuidanceInfo information element. This invoke component is embedded in a FACILITY message, since the password check procedure is always invoked during an existing transaction. The MS will return to the network the required password in the return result component of the operation. This return result component is embedded in a FACILITY message, see Figure 4.1. If the provided password is right the password check procedure returns to the parent procedure an indication of successful password check.
4.1.2 Error cases p. 20
If no result is returned by the MS for the "Get password" operation invoked by the network, the password check procedure is terminated.
If the password value which is returned by the MS does not match the password value registered in the network, the network increments a counter and sends to the MS a Return Error component indicating "Negative Password Check". The counter is reset as soon as the right password is returned.
If the served mobile subscriber enters a wrong call barring "password" three consecutive times, the subscription option "control of services" is set to "by the service provider" in the network: thus the network makes the use of password impossible for any subscriber operation. The password check procedure returns to the parent procedure an indication of Password Attempts Violation. The password can be made valid by the service provider only.
4.2 Password registration p. 21
If the served mobile subscriber is given the possibility to control the service by the use of a password, the service provider has to register a password at provision time. Furthermore, the served mobile subscriber can change the call barring password at any time.
The password registration procedure is as follows:
When the mobile subscriber wants to register a new password the old password, the new password and the repeat of the new password shall be entered into the MS. Then the MS sends to the network an invoke component of the operation "register password".
The common SS-code for call restriction services shall be used, but if the service code is not entered by the user the MS shall include the SS-code referring to all supplementary services.
4.2.1 Successful procedure p. 21
The successful procedure consists of three steps:
- the password registration procedure invokes first the password check procedure as it is described above;
- if the password check procedure has returned an indication of successful password check, the network sends secondly to the MS, in an invoke component of the operation "get password" with "new password?" as the value of the mandatory GuidanceInfo information element. This invoke component is embedded in a FACILITY message. The MS will return to the network the required new password in the return result component of the operation. This return result component is embedded in a FACILITY message;
- the network sends thirdly to the MS an invoke component of the operation "get password" with "new password again?" as the value of the mandatory GuidanceInfo information element. This invoke component is embedded in a FACILITY message. The MS will return again to the network the required new password in the return result component of the operation. This return result component is embedded in a FACILITY message.
4.2.2 Error cases p. 21
If the subscription option "control of services" is set to "by the service provider" or if the WPA is greater than 3 an attempt to register a password will be denied by the network (see TS 23.011). If the counter for wrong password attempts is smaller than four, the network will return to the MS an error component with the error value "SS_SubscriptionViolation". If the counter is larger than three, the error value "Password Attempts Violation" is returned.
If the password check procedure returns an indication of negative password check, the network will send to the MS a return error component of the operation "register password" with the error value "negativePasswordCheck".
If the new password is not repeated twice identically by the mobile subscriber, the network returns to the MS an error component of the "register password" operation with the error value "passwordRegistrationFailure". The diagnostic "newPasswordsMismatch" may be passed as an error parameter. The old password remains registered.
If no result is returned by the MS for the "Get password" operation invoked by the network the "register password" procedure is terminated, and the old password remains registered.
If the format of a new password which is returned by the MS is invalid (e.g. the value does not belong to the [0000-9999] range), the network sends to the MS an error component of the "register password" operation with the error value "passwordRegistrationFailure". The diagnostic "invalidFormat" may be passed as an error parameter. The old password remains registered.
4.3 Cross phase compatibility p. 22
When password procedures are initiated by an MS which does not provide an SS version indicator and where errors occur in password procedures, the network shall not send the protocol error values "DataMissing", "CallBarred" or "NumberOfPWAttemptsViolation".
When an MS that supports version 2 of the SS-protocol receives the guidance values "badPW-TryAgain" or "badPW-FormatTryAgain" it shall release the transaction and notify the mobile user in the same way as if the error value "negativePasswordCheck" has been returned by the network in reply to the parent operation.
