5.6 Key management for one-to-one (private) communications (PCK)
3GPP TS 33.180 Release 17: Security of the Mission Critical (MC) service
The purpose of this procedure is to allow two MCX UEs to create an end-to-end security context to protect an MCX private communication. To create the security context, the initiating MCX UE generates a Private Communication Key (PCK) and securely transfers this key, along with a key identifier (PCK-ID), to the terminating MCX UE. Prior to key distribution, both MCX UEs shall have been provisioned by the Key Management Server (KMS) with time-limited key material associated with the MCX user, as described in clause 5.3.
The PCK is distributed between the MCX clients using the security mechanism described in clause 5.2.2, transported over the SIP bearer within the SDP content of a SIP INVITE (or within the SDP content of a SIP MESSAGE request when used for MCData SDS). The SAKKE-to-self extension may be included as defined in clause 5.2.5. Identity hiding may be supported as defined in clause 5.2.6. The receiving MCX client, and any MCX Server through which the SIP INVITE is routed, may respond with a KMS Redirect Response (KRR) as described in clause 5.2.8.
The initiating entity shall be the initiating MCX user. The initiating entity URI shall be the MCX service ID of the initiating user. The receiving entity shall be the terminating MCX user. The receiving entity URI shall be the MCX service ID of the terminating user. The distributed key, K, shall be the PCK and the distributed identifier K-ID shall be the PCK-ID.
Clause E.2 provides the MIKEY message structure for PCK distribution.
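As an added example, not text or code from TS 33.180, the following Python frames a PCK-ID into a MIKEY-SAKKE I_MESSAGE, carries that message in the SDP of a SIP INVITE as an RFC 4567 key-mgmt attribute, and unpacks and checks it on the terminating side. It assumes that the PCK-ID occupies the CSB ID field of the MIKEY header and that its top four bits are a purpose tag with value 1 for a PCK (taken from clause 5.2.2 as this editor reads it; neither point is stated on this page). The SAKKE encapsulation of the PCK and the ECCSI signature are out of scope and are represented by constructed placeholder bytes; the MIKEY T, RAND, IDR and SIGN payloads that a real I_MESSAGE also carries (clause 5.2.2, Annex E.2) are omitted. Host addresses, MC service IDs, the SAKKE parameter-set and ID-scheme values, and the SDP media line are constructed for the example.

```python
"""Added example, not part of TS 33.180: PCK-ID framing in a MIKEY-SAKKE I_MESSAGE
carried in the SDP of a SIP INVITE, and its extraction on the terminating side."""
import base64
import os
import struct

MIKEY_VERSION = 1
DATA_TYPE_SAKKE_MSG = 26   # RFC 6509: data type of a MIKEY-SAKKE I_MESSAGE
PAYLOAD_LAST = 0           # RFC 3830: "last payload" value of the Next Payload field
PAYLOAD_SAKKE = 26         # RFC 6509: SAKKE payload type
PURPOSE_TAG_PCK = 1        # assumption: 4-bit purpose tag for a PCK (not stated on this page)


def new_pck_id(rng=os.urandom):
    """32-bit PCK-ID: assumed layout of a 4-bit purpose tag over 28 random bits."""
    rand28 = int.from_bytes(rng(4), "big") & 0x0FFFFFFF
    return (PURPOSE_TAG_PCK << 28) | rand28


def mikey_hdr(csb_id, next_payload, v=0, prf=0, n_cs=0, cs_map_type=0):
    """RFC 3830 6.1 HDR: version, data type, next payload, V|PRF, CSB ID, #CS, CS ID map type.
    The PCK-ID rides in CSB ID; with #CS = 0 the CS ID map info is empty."""
    return struct.pack("!BBBBIBB", MIKEY_VERSION, DATA_TYPE_SAKKE_MSG, next_payload,
                       (v << 7) | (prf & 0x7F), csb_id, n_cs, cs_map_type)


def sakke_payload(next_payload, sakke_data, params=1, id_scheme=1):
    """RFC 6509 4.2 SAKKE payload: next payload, SAKKE params, ID scheme, data length, data.
    params/id_scheme values are placeholders here."""
    return struct.pack("!BBBH", next_payload, params, id_scheme, len(sakke_data)) + sakke_data


def build_i_message(pck_id, sakke_data):
    """Minimal I_MESSAGE: HDR directly followed by the SAKKE payload (T/RAND/IDR/SIGN omitted)."""
    return mikey_hdr(pck_id, PAYLOAD_SAKKE) + sakke_payload(PAYLOAD_LAST, sakke_data)


def sdp_with_key_mgmt(i_message, host="198.51.100.10"):
    """Session-level SDP carrying the I_MESSAGE as an RFC 4567 key-mgmt attribute (constructed)."""
    b64 = base64.b64encode(i_message).decode()
    return "\r\n".join([
        "v=0", f"o=- 0 0 IN IP4 {host}", "s=MCPTT private call", f"c=IN IP4 {host}", "t=0 0",
        f"a=key-mgmt:mikey {b64}", "m=audio 49170 RTP/SAVP 96", "a=rtpmap:96 AMR-WB/16000",
    ]) + "\r\n"


def sip_invite(sdp, caller="sip:mcptt-id-a@example.org", callee="sip:mcptt-id-b@example.org"):
    """SIP INVITE with the SDP as body; the URIs stand in for MC service IDs (constructed)."""
    body = sdp.encode()
    head = "\r\n".join([f"INVITE {callee} SIP/2.0", f"From: <{caller}>;tag=1", f"To: <{callee}>",
                        "Content-Type: application/sdp", f"Content-Length: {len(body)}"])
    return head.encode() + b"\r\n\r\n" + body


def extract_pck_id_and_sakke(invite):
    """Terminating side: locate the I_MESSAGE in the SDP, validate the HDR, and return
    (PCK-ID, SAKKE data). Raises ValueError on anything that is not a well-formed PCK message."""
    head, _, body = invite.partition(b"\r\n\r\n")
    if b"application/sdp" not in head:
        raise ValueError("no SDP body")
    km = [l for l in body.decode().split("\r\n") if l.startswith("a=key-mgmt:mikey ")]
    if len(km) != 1:
        raise ValueError("expected exactly one MIKEY key-mgmt attribute")
    msg = base64.b64decode(km[0].split(" ", 1)[1])
    version, dtype, nxt, _vprf, csb_id, n_cs, _map = struct.unpack("!BBBBIBB", msg[:10])
    if version != MIKEY_VERSION or dtype != DATA_TYPE_SAKKE_MSG:
        raise ValueError("not a MIKEY-SAKKE I_MESSAGE")
    if n_cs != 0:
        raise ValueError("CS ID map parsing not handled in this example")
    if csb_id >> 28 != PURPOSE_TAG_PCK:
        raise ValueError("CSB ID does not carry a PCK-ID")
    off, sakke = 10, None
    while nxt != PAYLOAD_LAST:                       # walk the payload chain via Next Payload
        if nxt != PAYLOAD_SAKKE:
            raise ValueError(f"payload type {nxt} not handled in this example")
        nxt, _params, _scheme, ln = struct.unpack("!BBBH", msg[off:off + 5])
        sakke = msg[off + 5:off + 5 + ln]
        if len(sakke) != ln:
            raise ValueError("truncated SAKKE payload")
        off += 5 + ln
    if sakke is None:
        raise ValueError("no SAKKE payload")
    return csb_id, sakke


def roundtrip_demo(rng=os.urandom):
    """Initiating side builds the INVITE; terminating side recovers PCK-ID and SAKKE data."""
    pck_id = new_pck_id(rng)
    sakke_data = rng(32)   # constructed stand-in for the SAKKE encapsulation of the PCK
    invite = sip_invite(sdp_with_key_mgmt(build_i_message(pck_id, sakke_data)))
    got_id, got_sakke = extract_pck_id_and_sakke(invite)
    return pck_id, got_id, sakke_data, got_sakke


if __name__ == "__main__":
    print(roundtrip_demo())
```

The receiving check on the purpose tag is the practitioner's point: a terminating client that accepts any CSB ID as a PCK-ID could be handed a key identifier of another type (a GMK or CSK identifier, say) and store the wrong key under it, so the tag is validated before the SAKKE data is handed to the decapsulation step.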