L.2 Functional model for the MC Security Gateway (SeGy)

33.1803GPPRelease 17Security of the Mission Critical (MC) serviceTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

A MC Security Gateway (SeGy) communicates with 3GPP MC systems as a 3GPP partner interconnected MC domain. The SeGy has two interfaces. On the encrypted interface, the SeGy acts as a 3GPP MC domain that uses MC security mechanisms defined in this specification. On the encrypted interface, the SeGy communicates with protected MC systems (MC systems that use the security mechanisms defined in this specification). On the unencrypted interface the SeGy acts as a 3GPP MC domain that does not use the security mechanisms defined in this specification. On the unencrypted interface, the SeGy communicates with unprotected MC systems (MC systems that do not use the security mechanisms defined in this specification) or external systems. Consequently, on the encrypted interface media shall be encrypted and signalling may be encrypted. On the unencrypted interface, media and signalling are unencrypted. Figure L.2-1 shows the role of the SeGy in context.

Figure L.2-1: MC Security Gateway (SeGy)

The SeGy shall be configured as an independent security domain to existing MC security domains. In Figure L.2-1, the MC Domain is in Security Domain A, whereas the SeGy is in Security Domain X. This allows the risk of terminating security to be isolated to the SeGy, and allows the use of the SeGy to be communicated to clients.