E.4 MIKEY message structure for CSK distribution

3GPP TS 33.179, Release 13: Security of Mission Critical Push To Talk (MCPTT) over LTE

The MIKEY-SAKKE message shall include the Common Header payload, Timestamp payload, RAND payload, IDRi payload, IDRr payload, IDRkmsi payload, IDRkmsr payload, SAKKE payload and a SIGN (ECCSI) payload. The message may also include a Security Properties payload.

In the Common Header payload, the CSB ID field of MIKEY common header shall be the CSK-ID. The CS-ID map type shall be GENERIC-ID as defined in IETF RFC 6043 [25].

Identity payloads shall be IDR payloads as defined in section 6.6 of IETF RFC 6043 [25]. The IDRi payload shall contain the MCPTT ID associated with the initiating user. The IDRr payload shall contain the MDSI of the MCPTT Domain. The message shall also include IDRkmsi and IDRkmsr payloads that contain the URI of the MCPTT KMS used by the initiating user and MCPTT Server respectively.

NOTE: Where confidentiality of user identifiers is required, the MCPTT ID may be replaced with the UID generated from the MCPTT ID as defined in clause F.2.1.

The SAKKE payload shall encapsulate the CSK to the UID generated from the MDSI of the MCPTT Domain. The ID Scheme in the SAKKE payload shall be ‘URI Scheme’ to reflect the generation scheme defined in clause F.2.1.

The entire MIKEY message shall be signed by including a SIGN payload providing authentication of the initiating user. The signature shall be of type 2 (ECCSI). The signature shall use the UID generated from the MCPTT ID of the initiating user.
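
The following is an added example, not part of TS 33.179: a receiver-side structural check that applies the rules of this clause to a message that has already been decoded. The dictionary layout, the field names (csb_id, cs_id_map_type, id, id_scheme, s_type) and all sample values are assumptions made for illustration.

```python
# Added example (not from TS 33.179): check an already-decoded MIKEY-SAKKE
# message against the E.4 rules. Dict layout and field names are assumptions.
REQUIRED = ("HDR", "T", "RAND", "IDRi", "IDRr", "IDRkmsi", "IDRkmsr", "SAKKE", "SIGN")
OPTIONAL = ("SP",)  # the Security Properties payload may be present


def check_csk_message(payloads, expected):
    """Return a list of E.4 violations; an empty list means the message conforms.

    payloads: payload name -> dict of decoded fields (hypothetical parser output).
    expected: values the receiver already knows, including the initiator
              identifiers it accepts (the MCPTT ID and/or the UID derived from it).
    """
    errors = [f"missing {name} payload" for name in REQUIRED if name not in payloads]
    errors += [f"unexpected {name} payload" for name in payloads
               if name not in REQUIRED + OPTIONAL]

    def require(name, field, accepted, rule):
        # Absent payloads are reported above; only inspect the ones present.
        if name in payloads and payloads[name].get(field) not in accepted:
            errors.append(f"{name}.{field}: {rule}")

    require("HDR", "csb_id", {expected["csk_id"]}, "CSB ID shall be the CSK-ID")
    require("HDR", "cs_id_map_type", {"GENERIC-ID"}, "CS-ID map type shall be GENERIC-ID")
    require("IDRi", "id", expected["initiator_ids"], "shall identify the initiating user")
    require("IDRr", "id", {expected["mdsi"]}, "shall be the MDSI of the MCPTT Domain")
    require("IDRkmsi", "id", {expected["kms_initiator"]}, "shall be the initiator's KMS URI")
    require("IDRkmsr", "id", {expected["kms_server"]}, "shall be the MCPTT Server's KMS URI")
    require("SAKKE", "id_scheme", {"URI Scheme"}, "ID Scheme shall be 'URI Scheme'")
    require("SIGN", "s_type", {2}, "signature shall be of type 2 (ECCSI)")
    return errors


# Constructed sample values, for illustration only.
EXPECTED = {"csk_id": 0x12345678, "mdsi": "sip:mcptt.example.org",
            "initiator_ids": {"sip:alice@mcptt.example.org"},
            "kms_initiator": "kms.example.org", "kms_server": "kms.example.org"}
SAMPLE = {
    "HDR": {"csb_id": 0x12345678, "cs_id_map_type": "GENERIC-ID"},
    "T": {}, "RAND": {},
    "IDRi": {"id": "sip:alice@mcptt.example.org"},
    "IDRr": {"id": "sip:mcptt.example.org"},
    "IDRkmsi": {"id": "kms.example.org"}, "IDRkmsr": {"id": "kms.example.org"},
    "SAKKE": {"id_scheme": "URI Scheme"},
    "SIGN": {"s_type": 2},
}
```

This check covers message structure only; the ECCSI signature over the entire message still has to be verified before the encapsulated CSK is used.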