3 Definitions and abbreviations

3GPP TS 24.109: Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details (Release 17)

3.1 Definitions

For the purposes of the present document, the following terms and definitions apply.

Bootstrapping information: set of parameters that have been established during bootstrapping procedure
The information consists of a bootstrapping transaction identifier (B-TID), key material (Ks), and a group of application specific security parameters related to the subscriber.

Bootstrapped security association: association between a UE and a BSF that is established by running the bootstrapping procedure between them. The association is identified by a bootstrapping transaction identifier (B-TID) and consists of bootstrapping information.

CA certificate: the Certificate Authority public key is itself contained within a certificate, called a CA certificate. The CA signs all certificates that it issues with the private key that corresponds to the public key in the CA certificate.

Delivery of CA certificate: procedure during which the UE requests a root certificate from the PKI portal, which delivers the certificate to the UE. The procedure is secured by using GBA.

PKI portal: certification authority (or registration authority) operated by a cellular operator

Reverse proxy: a reverse proxy is a gateway for servers, and enables one server (i.e., the reverse proxy) to provide content from another server transparently, e.g., when a UE's request for particular information is received at a reverse proxy, the reverse proxy is configured to request the information from another server. The reverse proxy functionality is transparent to the UE, i.e., the UE does not know that the request is being forwarded to another server by the reverse proxy.

Root certificate: a certificate that an entity explicitly trusts, typically a self-signed CA certificate

Subscriber certificate: certificate issued to a subscriber
It contains the subscriber’s own public key and possibly other information such as the subscriber’s identity in some form.

Subscriber certificate enrolment: procedure during which the UE sends a certification request to the PKI portal, which issues a certificate to the UE. The procedure is secured by using GBA.

WAP Identity Module (WIM): used in performing WTLS, TLS, and application level security functions, and especially to store and process information needed for user identification and authentication
The WPKI may use the WIM for secure storage of certificates and keys (see 3GPP TS 33.221 [4], OMA ECMAScript [19], and OMA WPKI [20] specifications).

For the purposes of the present document, the following terms and definitions given in 3GPP TS 33.220 [1] apply:

Temporary IP Multimedia Private Identity

For the purposes of the present document, the following terms and definitions given in 3GPP TS 33.223 [24] apply:

Disposable-Ks model

Push-message

Push-NAF

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

A-KID AKMA Key IDentifier

AKA Authentication and Key Agreement

AKMA Authentication and Key Management for Applications

AP Authentication Proxy

AS Application Server

AUTN Authentication Token

AUTS Re-synchronisation Token

AV Authentication Vector

BSF BootStrapping Function

B-TID Bootstrapping – Transaction IDentifier

CA Certification Authority

CK Confidentiality Key

DER Distinguished Encoding Rules

FQDN Fully Qualified Domain Name

GAA Generic Authentication Architecture

GBA Generic Bootstrapping Architecture

GBA_ME ME-based GBA

GBA_U GBA with UICC-based enhancements

GPI GBA Push Info

GUSS GBA User Security Settings

HSS Home Subscriber System

HTTP Hypertext Transfer Protocol

HTTPS HTTP over TLS

IK Integrity Key

IMPI IP Multimedia Private Identity

IMPU IP Multimedia PUblic identity

Ks Key material

Ks_NAF NAF specific key material

MAC Message Authentication Code

ME Mobile Equipment

NAF Network Application Function

PKCS Public-Key Cryptography Standards

PKI Public Key Infrastructure

PSK Pre-Shared Secret

RAND RANDom challenge

RES authentication Response

SA Security Association

SQN SeQuence Number

TLS Transport Layer Security

TMPI Temporary IP Multimedia Private Identity

UE User Equipment

UICC Universal Integrated Circuit Card

URI Uniform Resource Identifier

URN Uniform Resource Name

USIM User Service Identity Module

USS User Security Settings

UTC Coordinated Universal Time

WIM Wireless Identity Module

WPKI Wireless PKI

WTLS Wireless Transport Layer Security

XRES Expected authentication response