Add Mobile Assets
Note
Add Mobile Asset permission is required. CUSTOMER_ADMIN role does not include Add Mobile Asset permission.
Before you Begin
The following must exist before you can add a mobile asset:
- Customer
- Site
- System
- System Profile
Add a Mobile Asset
- Navigate to Mobile Assets.
- Click New and provide parameters.
- Click Submit.
Add Multiple Mobile Assets from a File
- Navigate to Mobile Assets.
- Click the Import button, then select Bulk Import and follow the prompts to import an .out file.
For more information on the import file format and adding Mobile Assets with the Bulk Import process, see Perform Bulk Actions.
Configure Mobile Asset Properties
Technical Information
- IMSI
- Required. A unique numeric identifier for the Mobile Asset. Includes the Mobile Country Code (MCC), the Mobile Network Code (MNC), plus the Mobile Asset Identification Number (MSIN).
- ICCID
- Optional. Integrated Circuit Card Identification Number. An 18-22 digit code printed on the SIM card. Includes the country, home network, and identification number.
- OPC
- Required. The Operator Code (OP) is a fixed code of exactly 32 characters (128 bits) unique to a network provider. Used with the K value to generate an OPc value.
- Customer
- The Enterprise owner of the network.
- System
- The Mobile Asset can be assigned to one System only.
- Status
- Sets the current state of the Mobile Asset as either Active or Inactive. Only Mobile Assets with an Active state can access the network. Setting a Mobile Asset to Inactive temporarily restricts its access without deleting it.
Configuration & Management
- MSISDN
- Required. The phone number associated with the mobile asset.
- K
- Required. A 32-character hexadecimal value used as a shared secret that is 'known' to both the SIM and the HSS database. Used with the OP value to generate an OPc value.
- Keyset
- Select from the list of existing Keysets used for SIM authentication security. Only Keysets previously mapped to an HSS Keyset ID and associated with the current Site are available. You can only assign a Keyset to a Mobile Asset once. See Add a Keyset.
- System Profile
- The System Profile sets bandwidth limitations and applies Extensions. Only one System Profile can be assigned to a Mobile Asset at a time.
- Custom Extensions
- Applies custom parameters (Extensions) to the Mobile Asset. For more information on Extensions, see Customize with Extensions.
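The field rules above can be checked before records are submitted or bulk-imported. The following is an added example, not Expeto code and not the .out import format: it assumes records are plain dictionaries with hypothetical key names (imsi, iccid, msisdn, k, op), assumes a 6-digit lower bound for the IMSI, and adds two hygiene checks of its own (K reuse and obviously non-random K). Its messages never echo K or OP.

```python
import re
IMSI_RE = re.compile(r"[0-9]{6,15}")        # MCC(3)+MNC(2-3)+MSIN, at most 15 digits (E.212)
ICCID_RE = re.compile(r"[0-9]{18,22}")      # length range as stated on this page
HEX128_RE = re.compile(r"[0-9A-Fa-f]{32}")  # 32 hex characters = 128 bits

def validate_asset(rec):
    """Return problems for one record. Messages never contain K or OP values."""
    problems = []
    if not IMSI_RE.fullmatch(rec.get("imsi", "")):
        problems.append("imsi: expected 6-15 digits")
    if rec.get("iccid") and not ICCID_RE.fullmatch(rec["iccid"]):
        problems.append("iccid: expected 18-22 digits")
    if not rec.get("msisdn"):
        problems.append("msisdn: required")
    k, op = rec.get("k", ""), rec.get("op", "")
    for name, value in (("k", k), ("op", op)):
        if not HEX128_RE.fullmatch(value):
            problems.append(f"{name}: expected 32 hex characters")
    if HEX128_RE.fullmatch(k):
        if len(set(k.lower())) == 1:
            problems.append("k: single repeated character, not a random key")
        if k.lower() == op.lower():
            problems.append("k: identical to op")
    return problems

def validate_batch(records):
    """Map record index -> problems, adding cross-record checks."""
    report, seen_imsi, seen_k = {}, set(), set()
    for i, rec in enumerate(records):
        problems = validate_asset(rec)
        imsi, k = rec.get("imsi", ""), rec.get("k", "").lower()
        if imsi and imsi in seen_imsi:
            problems.append("imsi: duplicate within batch")
        if HEX128_RE.fullmatch(k) and k in seen_k:
            problems.append("k: reused by another record")
        seen_imsi.add(imsi)
        seen_k.add(k)
        if problems:
            report[i] = problems
    return report

# Constructed sample records (test PLMN 001/01; key values are made up).
_K = "000102030405060708090a0b0c0d0e0f"
_OP = "00112233445566778899aabbccddeeff"
SAMPLE = [
    {"imsi": "001010000000001", "iccid": "89" + "0" * 16 + "1", "msisdn": "15550100001", "k": _K, "op": _OP},
    {"imsi": "001010000000001", "msisdn": "15550100002", "k": _K.upper(), "op": _OP},
    {"imsi": "00101000000000X", "iccid": "12345", "msisdn": "", "k": "f" * 32, "op": "00112233"},
]
```

Calling validate_batch(SAMPLE) reports the second and third records and leaves the first one out of the report.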
Enable Keyset Authentication
Keysets are collections of encryption keys and algorithms used to verify mobile asset authentication and network integrity.
Loading Keysets is a task performed by an Expeto Site Installer.
Keysets are loaded to the Expeto xCore database during Site installation using the CLI. The Customer is provided with multiple Keysets. The same Keysets can be loaded at multiple sites owned by the same Customer. Additional Keysets can be requested and loaded.
Adding and Mapping Keysets is a task performed by a Network Administrator. The Site must have Keyset Mapping enabled by the Expeto Site Installer. A Network Administrator with Keyset permissions, using Expeto xControl, creates a Keyset name then maps the name to an HSS Keyset Identifier (KSI).
Applying Keysets is a task performed by a Network Administrator. Requires Create Mobile Assets permission.
With the mapping completed, the Keyset Name can be selected when adding a single Mobile Asset or for multiple Mobile Assets through Bulk Import.
Note
Assigning a Keyset to a Mobile Asset is performed once for the lifetime of the SIM. You cannot reassign a new Keyset to the same Mobile Asset.
Add a Keyset
After adding a Keyset, the Keyset name can be selected when adding Mobile Assets. However, to enable encrypted authentication, the Keyset name must be mapped to the HSS Keyset Identifier of a loaded Keyset.
To add a Keyset:
- Navigate to Keysets. The list of existing Keysets appears.
- Click New.
- Type a Name for the Keyset.
- Select a Customer.
- Click Submit.
The new Keyset appears in the Keyset list. The Keyset is made available for mobile assets added to any of the sites belonging to the Customer.
Now, the Keyset must be mapped to an HSS Identifier.
Map a Keyset
Note
Add Mobile Asset permission is required. CUSTOMER_ADMIN role does not include Add Keyset Mapping permission.
Before you begin:
- Keyset Mapping must be enabled for the Site by a Site Installer.
- The Site Installer must load a Keyset into the HSS.
- The Site Installer must provide you with the HSS Keyset Identifier.
To map a Keyset:
- Navigate to Sites.
- Select a Site.
- In the Keysets section, click Add Keyset Mapping. The New Keyset Mapping panel appears.
- Type the HSS Keyset Identifier provided by the Site Installer. You cannot select this value.
- Provide an optional description of the Keyset. For example, Keyset for SIM batch 12.
- Select the Keyset name. If there is no name available, you need to Add a Keyset.
- Submit.
The same Keyset can be referenced by multiple Sites owned by the same Customer. The same Keyset must be loaded into both sites. The mapping procedure must be performed at both Sites. The Keyset name must be the same. The HSS Keyset Identifier for identical Keysets may be different depending on how the Keyset was loaded at each Site.
Understanding SIM Authentication Security
The SIM card must be trusted. The Network must be trusted.
Security concerns include:
- Secret Key Exposure
- Replay attacks
- Spoofing the HSS
For a SIM to be authenticated as a mobile asset with a corresponding IMSI, mutual authentication occurs between the SIM card and the HSS database. Authentication occurs when an encrypted string is decrypted and the result matches the expected result. Both the HSS and the SIM card perform this mutual authentication process using a shared secret key (K), the OPc value generated from OP, and a sequence number that increments on each authentication challenge. These values must not be exposed publicly and are, therefore, encrypted and decrypted using the referenced Keyset.
The referenced Keyset contains and generates multiple private keys to encrypt and decrypt files. Finally, the HSS sends an encrypted AUTN value for the SIM to decrypt; the SIM sends the HSS its encrypted response via the MME. If the HSS determines the response after decryption is the expected response, the mobile asset is authenticated and attached to the network.
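The exchange described above, modelled as an added example that is not Expeto code: it shows how the AUTN check answers HSS spoofing and how the sequence number answers replay. It substitutes truncated HMAC-SHA-256 for the real SIM authentication functions, leaves out OPc, sequence-number concealment and resynchronization, and uses a constructed key; the class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def keyed(k, label, *parts):
    """Stand-in for the SIM authentication functions: truncated HMAC-SHA-256."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:8]

class HSS:
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def challenge(self):
        """Return (RAND, AUTN, XRES); here AUTN = SQN || MAC."""
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        return rand, sqn + keyed(self.k, b"mac", rand, sqn), keyed(self.k, b"res", rand)

class SIM:
    def __init__(self, k):
        self.k, self.highest_sqn = k, 0

    def respond(self, rand, autn):
        """Authenticate the network first, then check freshness, then compute RES."""
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, keyed(self.k, b"mac", rand, sqn)):
            return None, "rejected: AUTN MAC invalid (network does not hold K)"
        if int.from_bytes(sqn, "big") <= self.highest_sqn:
            return None, "rejected: stale SQN (replayed challenge)"
        self.highest_sqn = int.from_bytes(sqn, "big")
        return keyed(self.k, b"res", rand), "accepted"

def demo():
    k = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    hss, sim = HSS(k), SIM(k)
    rand, autn, xres = hss.challenge()
    res, status = sim.respond(rand, autn)
    outcome = {"genuine": status, "hss_accepts": hmac.compare_digest(xres, res)}
    outcome["replay"] = sim.respond(rand, autn)[1]   # same RAND/AUTN presented again
    rogue = HSS(bytes(16))                           # network that lacks the real K
    outcome["spoofed_hss"] = sim.respond(*rogue.challenge()[:2])[1]
    return outcome

if __name__ == "__main__":
    print(demo())
```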