1. Introduction and Motivation

   The Hypertext Transfer Protocol (HTTP) Authentication Framework,
   described in RFC 2617draft [2], includes two authentication schemes: Basic
   and Digest.  Both schemes employ a shared secret based mechanism for
   access authentication.  The Basic scheme is inherently insecure in
   that it transmits user credentials in plain text.  The Digest scheme
   improves security by hiding user credentials with cryptographic
   hashes, and additionally by providing limited message integrity.

   The Authentication and Key Agreement (AKA) [6] mechanism performs
   authentication and session key distribution in Universal Mobile
   Telecommunications System (UMTS) networks.  AKA is a challenge-
   response based mechanism that uses symmetric cryptography.  AKA is
   typically run in a UMTS IM Services Identity Module (ISIM), which
   resides on a smart card like device that also provides tamper
   resistant storage of shared secrets.

   This document specifies a mapping of AKA parameters onto HTTP Digest
   authentication.  In essence, this mapping enables the usage of AKA as
   a one-time password generation mechanism for Digest authentication.

   As the Session Initiation Protocol (SIP) [3] Authentication Framework
   closely follows the HTTP Authentication Framework, Digest AKA is
   directly applicable to SIP as well as any other embodiment of HTTP
   Digest.

1.1. Terminology

   This chapter explains the terminology used in this document.

   AKA
      Authentication and Key Agreement.

   AuC
      Authentication Center.  The network element in mobile networks
      that can authorize users either in GSM or in UMTS networks.

   AUTN
      Authentication Token.  A 128 bit value generated by the AuC, which
      together with the RAND parameter authenticates the server to the
      client.

   AUTS
      Authentication Token.  A 112 bit value generated by the client
      upon experiencing an SQN synchronization failure.

   CK
      Cipher Key.  An AKA session key for encryption.

   IK
      Integrity Key.  An AKA session key for integrity check.

   ISIM
      IP Multimedia Services Identity Module.

   PIN
      Personal Identification Number.  Commonly assigned passcodes for
      use with automatic cash machines, smart cards, etc.

   RAND
      Random Challenge.  Generated by the AuC using the SQN.

   RES
      Authentication Response.  Generated by the ISIM.

   SIM
      Subscriber Identity Module.  GSM counter part for ISIM.

   SQN
      Sequence Number.  Both AuC and ISIM maintain the value of the SQN.

   UMTS
      Universal Mobile Telecommunications System.

   XRES
      Expected Authentication Response.  In a successful authentication
      this is equal to RES.

1.2. Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119 [1].