3 Definitions and abbreviations
3GPP TS 24.109 Release 17: Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply.
Bootstrapping information: set of parameters that have been established during the bootstrapping procedure
The information consists of a bootstrapping transaction identifier (B-TID), key material (Ks), and a group of application-specific security parameters related to the subscriber.
Bootstrapped security association: association between a UE and a BSF that is established by running the bootstrapping procedure between them. The association is identified by a bootstrapping transaction identifier (B-TID) and consists of bootstrapping information.
CA certificate: the Certification Authority's public key is itself contained within a certificate, called a CA certificate. The CA signs all certificates that it issues with the private key that corresponds to the public key in the CA certificate.
Delivery of CA certificate: procedure during which the UE requests a root certificate from the PKI portal, which delivers the certificate to the UE. The procedure is secured by using GBA.
PKI portal: certification authority (or registration authority) operated by a cellular operator
Reverse proxy: a reverse proxy is a gateway for servers, and enables one server (i.e., the reverse proxy) to provide content from another server transparently, e.g., when a UE's request for particular information is received at a reverse proxy, the reverse proxy is configured to request the information from another server. The reverse proxy functionality is transparent to the UE, i.e., the UE does not know that the request is being forwarded to another server by the reverse proxy.
Root certificate: a certificate that an entity explicitly trusts, typically a self-signed CA certificate
Subscriber certificate: certificate issued to a subscriber
It contains the subscriber’s own public key and possibly other information such as the subscriber’s identity in some form.
Subscriber certificate enrolment: procedure during which the UE sends a certification request to the PKI portal, which issues a certificate to the UE. The procedure is secured by using GBA.
Wireless Identity Module (WIM): used in performing WTLS, TLS, and application-level security functions, and especially to store and process information needed for user identification and authentication
The WPKI may use the WIM for secure storage of certificates and keys (see 3GPP TS 33.221 [4], OMA ECMAScript [19], and OMA WPKI [20] specifications).
For the purposes of the present document, the following terms and definitions given in 3GPP TS 33.220 [1] apply:
Temporary IP Multimedia Private Identity
For the purposes of the present document, the following terms and definitions given in 3GPP TS 33.223 [24] apply:
Disposable-Ks model
Push-message
Push-NAF
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
A-KID AKMA Key IDentifier
AKA Authentication and Key Agreement
AKMA Authentication and Key Management for Applications
AP Authentication Proxy
AS Application Server
AUTN Authentication Token
AUTS Re-synchronisation Token
AV Authentication Vector
BSF BootStrapping Function
B-TID Bootstrapping Transaction IDentifier
CA Certification Authority
CK Confidentiality Key
DER Distinguished Encoding Rules
FQDN Fully Qualified Domain Name
GAA Generic Authentication Architecture
GBA Generic Bootstrapping Architecture
GBA_ME ME-based GBA
GBA_U GBA with UICC-based enhancements
GPI GBA Push Info
GUSS GBA User Security Settings
HSS Home Subscriber System
HTTP Hypertext Transfer Protocol
HTTPS HTTP over TLS
IK Integrity Key
IMPI IP Multimedia Private Identity
IMPU IP Multimedia PUblic identity
Ks Key material
Ks_NAF NAF specific key material
MAC Message Authentication Code
ME Mobile Equipment
NAF Network Application Function
PKCS Public-Key Cryptography Standards
PKI Public Key Infrastructure
PSK Pre-Shared Key
RAND RANDom challenge
RES Authentication Response
SA Security Association
SQN SeQuence Number
TLS Transport Layer Security
TMPI Temporary IP Multimedia Private Identity
UE User Equipment
UICC Universal Integrated Circuit Card
URI Uniform Resource Identifier
URN Uniform Resource Name
USIM Universal Subscriber Identity Module
USS User Security Settings
UTC Coordinated Universal Time
WIM Wireless Identity Module
WPKI Wireless PKI
WTLS Wireless Transport Layer Security
XRES Expected authentication response