D.1 General aspects
3GPP TS 33.179 Release 13: Security of Mission Critical Push To Talk (MCPTT) over LTE
This annex specifies the key management procedures between the KMS and the key management client that allow keys to be provisioned to the key management client based on an identity. It describes the requests and responses for the authorization of the following provisioning messages:
– KMS Initialize.
– KMS KeyProvision.
– KMS CertCache.
All KMS communications are made via HTTPS. The MCPTT key management client is provisioned via XML content in the KMS's response. The XML content is designed to be extensible, allowing KMS/client providers to add further information to the XML. Where the interface is extended, a different XML namespace should be used (so that the extension may be ignored by non-compatible clients).
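The following is an added example, not code from the specification, showing how a client can apply the namespace rule above: elements in the client's expected namespace are extracted, elements in any other namespace are skipped, and a response missing the core elements is rejected. The namespace URIs, element names and the sample response are constructed for illustration and are not the schema defined in TS 33.179.

```python
import xml.etree.ElementTree as ET

# Hypothetical namespace for the KMS's own provisioning content
# (constructed for this example; not the namespace defined in TS 33.179).
KMS_NS = "urn:example:kms:provisioning"

# Constructed sample of a KMS response: core elements the client understands
# plus a vendor extension in a different namespace that an unaware client
# must be able to skip without failing.
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<KmsResponse xmlns="urn:example:kms:provisioning"
             xmlns:vnd="urn:example:vendor:ext">
  <KmsUri>kms.example.org</KmsUri>
  <UserUri>sip:alice@example.org</UserUri>
  <vnd:PolicyHint>fast-rekey</vnd:PolicyHint>
</KmsResponse>"""

# Core elements (hypothetical) the client requires in every response.
REQUIRED = ("KmsUri", "UserUri")


def parse_kms_response(xml_text, ns=KMS_NS):
    """Return (fields, ignored): fields maps local names of elements in the
    expected namespace to their text; ignored lists the qualified tags of
    elements in any other namespace, which this client skips."""
    root = ET.fromstring(xml_text)
    prefix = "{%s}" % ns
    if not root.tag.startswith(prefix):
        raise ValueError("unexpected root element namespace: %s" % root.tag)
    fields, ignored = {}, []
    for child in root:
        if child.tag.startswith(prefix):
            fields[child.tag[len(prefix):]] = (child.text or "").strip()
        else:
            ignored.append(child.tag)
    missing = [name for name in REQUIRED if name not in fields]
    if missing:
        raise ValueError("KMS response missing required elements: %s" % missing)
    return fields, ignored


def is_acceptable_response(xml_text):
    """True if the response parses and carries every required core element."""
    try:
        parse_kms_response(xml_text)
        return True
    except (ValueError, ET.ParseError):
        return False
```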
It is assumed that transmissions between the KMS and the key management client are secure and that the KMS has authenticated the identity of the key management client.
Additionally, to allow key material to be transmitted securely between a secure element within the KMS and a secure element within the key management client, a security extension is defined that allows messages to be signed and key material to be encrypted using a shared Transport Key (TrK).