D.2 Introduction

24.1093GPPBootstrapping interface (Ub) and network application function interface (Ua)Protocol detailsRelease 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

A bootstrapping session (established using a bootstrapping procedure, cf. clause 4 and annex A) is used between a UE and an authentication proxy (AP) that is functioning as a NAF. The BSF provides to the AP an AP specific key material (Ks_NAF or Ks_ext_NAF and optionally Ks_int_NAF), which is derived from the key material (Ks). The AP uses this key to authenticate and optionally secure (i.e. integrity protect with HTTP Digest using "auth-int" qop option, or integrity protect and encrypt with PSK TLS) the communications between it and the UE. The BSF will also provide the AP the expiration time of the bootstrapping session. When the bootstrapping session becomes invalid the AP will stop using the session, and indicate to the UE that bootstrapping session has expired and that new session needs to be established.

The AP functions as a reverse proxy. After the AP has authenticated and optionally secured the communcation between it and the UE, the AP will forward the incoming HTTP requests from the UE to the correct appliation server (AS) behind the AP. There can be multiple application servers behind the AP.

NOTE: As consequence of the fact that the UE assumes it is communicating with the AS, not the AP, the AP might need to use different NAF specific keys per UE because (i) the UE will use the hostname of the AS (i.e., NAF_ID) when deriving the NAF specific key, (ii) the AP is doing virtual name based hosting, i.e., has reverse proxy functionality, and (iii) the UE can communicate through the AP with several ASes at the same time.

An example of the signalling flows of the authentication procedure between a UE, an AP, and an AS is given in clause D.3.

D.2.1 Key required to interpret signalling flows

The key to interpret signalling flows specified in clause A.2.2.