5.2.5 Key distribution with SAKKE-to-self payload

3GPP TS 33.180 Release 17: Security of the Mission Critical (MC) service

The key distribution mechanism defined in clauses 5.2.2, 5.2.3 and 5.2.4 may be extended so that the initiating entity is also able to decrypt the distributed key, K, contained within the payload.

NOTE: Where the initiating entity is an MCX user logged into multiple devices, this extension is necessary to allow all of those devices to obtain the key, K, and decrypt any subsequent communication.

In addition to encrypting the key, K, to the receiving entity, the key is also encrypted to the initiating entity. The UID used to encrypt the data is derived from the initiating entity’s URI (e.g. sip:user.002@mcptt.example.org) and a time-related parameter (e.g. the current year and month). The encapsulated key is added to a SAKKE-to-self payload within the MIKEY I_MESSAGE. No other payloads (e.g. IDRr) are affected.

Figure 5.2.5-1: Common key distribution mechanism with SAKKE-to-self payload