3 Definitions and abbreviations

3GPP TS 33.180, Release 17: Security of the Mission Critical (MC) service

3.1 Definitions

For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in 3GPP TR 21.905 [1].

Authorised Identity: An application identity given to an authorised user or network entity (e.g. MC Service ID) containing authorisation information.

External KMS: The KMS which is the root of trust for a specific External Security Domain.

External Security Domain: A security domain that the user is not a member of, but with which the user may communicate.

Floor: Floor(x) is the largest integer smaller than or equal to x.

Home KMS: The KMS that is the root of trust of the Home Security Domain.

Home Security Domain: The MCX user’s primary security domain.

Identity Management Domain: The MC clients and MC functions that share an Identity Management Server (IdMS). To be specific, the MC clients request access tokens from the same primary IdMS, and the MC functions accept access tokens from this IdMS.

KMS Certificate: A certificate containing the security parameters for a security domain. This is required to support identity-based cryptography and differs from X.509 certificates used for traditional PKI. See Annex D.3.1 for details.

KMS URI: A unique identifier for a security domain, or equivalently, a logical KMS.

MCX: Mission critical services where “MCX” may be substituted with the term “MCPTT”, “MCVideo”, “MCData”, or any combination thereof.

Migration KMS: The KMS that is the root of trust of a specific Migration Security Domain.

Migration Security Domain: A security domain that a user is a (temporary) member of, and may be keyed to use, but is not the user’s Home security domain.

Partner domain: A secondary MC domain which may support MC services for MC users who are home to a different MC domain. See also External Security Domain.

Primary domain: The “home” MC domain where MC users receive their primary identity management and MC services. See also Home Security Domain.

Privileged signalling: Signalling which is performed by an authorised user and allows the authorised user to cause an intrusive action on a target client without the target user’s permission.

Security Domain: A security domain is a group of MCX users who share common security requirements and policies for their communications. From a technical perspective, users within a security domain share a KMS and KMS certificate. MCX users may be members of one or more security domains.

3.2 Abbreviations

For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1] and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in 3GPP TR 21.905 [1].

CMS Configuration Management Server

CS Crypto Session

CSB-ID Crypto Session Bundle Identifier

CSC Common Services Core

CSK Client-Server Key

CSK-ID Client-Server Key Identifier

DPCK MCData Payload Cipher Key

DPPK MCData Payload Protection Key

DPPK-ID MCData Payload Protection Key Identifier

GBA Generic Bootstrapping Architecture

GMK Group Master Key

GMK-ID Group Master Key Identifier

GMS Group Management Server

GUK-ID Group User Key Identifier

IdM Identity Management

IdMS Identity Management Server

InK Integrity Key

InK-ID Integrity Key Identifier

InterKMRec Interworking Key Management Record

InterKMRec-ID Interworking Key Management Record Identifier

InterSD Interworking Security Data

IWF InterWorking Function

JSON JavaScript Object Notation

JWS JSON Web Signature

JWT JSON Web Token

KDF Key Derivation Function

KFC Key For Control Signalling

KFC-ID Key for Floor Control Identifier

KMS Key Management Server

MBCP Media Burst Control Protocol

MCData Mission Critical Data

MCPTT Mission Critical Push to Talk

MCVideo Mission Critical Video

MCX Mission Critical Services

MKFC Multicast Key for Floor Control

MSCCK MBMS subchannel control key

MSRP Message Session Relay Protocol

MuSiK Multicast Signalling Key

MKI Master Key Identifier

NTP Network Time Protocol

NTP-UTC Network Time Protocol – Coordinated Universal Time

OIDC OpenID Connect

PCK Private Call Key

PCK-ID Private Call Key Identifier

PKCE Proof Key for Code Exchange

PSK Pre-Shared Key

SEG Security Gateway

SeGy Security Gateway

SPK Signalling Protection Key

SRTCP Secure Real-Time Transport Control Protocol

SRTP Secure Real-Time Transport Protocol

SSRC Synchronization Source

TBCP Talk Burst Control Protocol

TGK Traffic Generating Key

TrK KMS Transport Key

TrK-ID KMS Transport Key Identifier

UID User Identifier for MIKEY-SAKKE (referred to as the ‘Identifier’ in RFC 6509 [11])

XPK XML Protection Key